0% found this document useful (0 votes)

273 views

Xclog 0x10f8

This diagnostic log records information about the initialization and setup of a process running the SAFE 12.0.1 Portable application. It retrieves operating system and environment information, sets up aliases for file paths, loads font resources, and checks registry keys. The process completes initialization after wrapping handles and adding fonts.

Uploaded by

Compra Cartas Mtg Bolivia

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

273 views

Xclog 0x10f8

Uploaded by

Compra Cartas Mtg Bolivia

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

You are on page 1/ 396

0x0A10: INFO: Start of diagnostic log for process with command line: "C:\User s\MarK\Desktop\SAFE 12.0.1 Portable.

exe" 0x0A10: INFO: Setting some windows apis. Time consumed so far: 0 ms. 0x0A10: INFO: OS Information - Version 6.1.7601, SP: 1.0, Suite: 0x100, Platf orm: 0x2, ProductType: 0x1, Text: Service Pack 1. 0x0A10: INFO: Got OS info. Time consumed so far: 0 ms. 0x0A10: INFO: Got parent info. Time consumed so far: 0 ms. 0x0A10: INFO: @APPDIR@ = C:\Users\MarK\Desktop 0x0A10: INFO: @WINDIR@ = C:\Windows 0x0A10: INFO: @SYSDRIVE@ = C: 0x0A10: INFO: @SYSTEM@ = C:\Windows\system32 0x0A10: INFO: @PROGRAMFILES@ = C:\Program Files (x86) 0x0A10: INFO: @PROGRAMFILESCOMMON@ = C:\Program Files (x86)\Common Files 0x0A10: INFO: @PROFILE@ = C:\Users\MarK 0x0A10: INFO: @PROFILECOMMON@ = C:\ProgramData 0x0A10: INFO: @APPDATA@ = C:\Users\MarK\AppData\Roaming 0x0A10: INFO: @APPDATALOCAL@ = C:\Users\MarK\AppData\Local 0x0A10: INFO: @STARTMENU@ = C:\Users\MarK\AppData\Roaming\Microsoft\Windows\S tart Menu 0x0A10: INFO: @PROGRAMS@ = C:\Users\MarK\AppData\Roaming\Microsoft\Windows\St art Menu\Programs 0x0A10: INFO: @STARTUP@ = C:\Users\MarK\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Startup 0x0A10: INFO: @DESKTOP@ = C:\Users\MarK\Desktop 0x0A10: INFO: @TEMPLATES@ = C:\Users\MarK\AppData\Roaming\Microsoft\Windows\T emplates 0x0A10: INFO: @FAVORITES@ = C:\Users\MarK\Favorites 0x0A10: INFO: @DOCUMENTS@ = C:\Users\MarK\Documents 0x0A10: INFO: @MUSIC@ = C:\Users\MarK\Music 0x0A10: INFO: @PICTURES@ = C:\Users\MarK\Pictures 0x0A10: INFO: @APPDATACOMMON@ = C:\ProgramData 0x0A10: INFO: @STARTMENUCOMMON@ = C:\ProgramData\Microsoft\Windows\Start Menu 0x0A10: INFO: @PROGRAMSCOMMON@ = C:\ProgramData\Microsoft\Windows\Start Menu\ Programs 0x0A10: INFO: @STARTUPCOMMON@ = C:\ProgramData\Microsoft\Windows\Start Menu\P rograms\Startup 0x0A10: INFO: @DESKTOPCOMMON@ = C:\Users\Public\Desktop 0x0A10: INFO: @TEMPLATESCOMMON@ = C:\ProgramData\Microsoft\Windows\Templates 0x0A10: WARNING: Error 0x80004005 from call: VmGetFolderPath( CSIDL_COMMON_FAVOR ITES, psReplacement->GetBuffer(MAX_PATH+1)) 0x0A10: INFO: @FAVORITESCOMMON@ = 0x0A10: INFO: @DOCUMENTSCOMMON@ = C:\Users\Public\Documents 0x0A10: INFO: @MUSICCOMMON@ = C:\Users\Public\Music 0x0A10: INFO: @PICTURESCOMMON@ = C:\Users\Public\Pictures 0x0A10: INFO: Got raw folders. Time consumed so far: 15 ms. 0x0A10: INFO: Adding alias mapping from \??\C: to \Device\HarddiskVolume1 0x0A10: INFO: Adding alias mapping from \??\C:\Windows\system32 to \Device\Ha rddiskVolume1\Windows\SysWOW64 0x0A10: INFO: Adding alias mapping from \REGISTRY\USER\S-1-5-21-4048755273-30 07554995-782353158-1001_Classes to \REGISTRY\USER\S-1-5-21-4048755273-3007554995 -782353158-1001\SOFTWARE\CLASSES 0x0A10: INFO: Adding alias mapping from \REGISTRY\USER\S-1-5-18 to \REGISTRY\ USER\.DEFAULT 0x0A10: INFO: Adding alias mapping from \REGISTRY\USER\S-1-5-21-4048755273-30 07554995-782353158-1001_Classes\Wow6432Node to \REGISTRY\USER\S-1-5-21-404875527 3-3007554995-782353158-1001\SOFTWARE\CLASSES 0x0A10: INFO: Adding alias mapping from \REGISTRY\MACHINE\SOFTWARE\CLASSES\Wo w6432Node to \REGISTRY\MACHINE\SOFTWARE\CLASSES 0x0A10: INFO: Adding alias mapping from \REGISTRY\MACHINE\SOFTWARE\Wow6432Nod e to \REGISTRY\MACHINE\SOFTWARE

0x0A10: INFO: Got alternative paths. Time consumed so far: 15 ms. 0x0A10: INFO: Finished directory info. Time consumed so far: 15 ms. 0x0A10: INFO: Duplicate file Microsoft.VC80.CRT.manifest will not be added as it is at lower layer. 0x0A10: INFO: Duplicate file [email protected] will n ot be added as it is at lower layer. 0x0A10: INFO: Duplicate file msvcr80.dll will not be added as it is at lower layer. 0x0A10: INFO: Duplicate file msvcp80.dll will not be added as it is at lower layer. 0x0A10: INFO: Extracted configuration. Time consumed so far: 78 ms. 0x0A10: INFO: Application processed with Xenocode version: 6.1.457 0x0A10: INFO: Wrapping existing handles 0x0A10: INFO: Wrapping Key handle: 0x4. 0x0A10: INFO: Wrapping File handle: 0x10. 0x0A10: INFO: Wrapping Key handle: 0x14. 0x0A10: INFO: Wrapping File handle: 0x1C. 0x0A10: INFO: Wrapping Key handle: 0x2C. 0x0A10: INFO: Wrapping Key handle: 0x30. 0x0A10: INFO: Wrapping File handle: 0x44. 0x0A10: INFO: Wrapping Key handle: 0x48. 0x0A10: INFO: Wrapping Key handle: 0xBC. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x124, Path: \REGISTRY\USER\ S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Windows\Current Version\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x128, Path: \REGISTRY\MACHI NE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x128. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x124. 0x0A10: INFO: Finished preparing window apis. Time consumed so far: 78 ms. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x13C, Path: \Registry\MACHI NE\System\CurrentControlSet\Control\Session Manager. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: SafeProcessSearchMode, Path: 0x13C: \Registry\MACHINE\System\CurrentContr olSet\Control\Session Manager. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\AdobePiStd.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\AdobePiStd.o tf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\CourierStd.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\CourierStd.o tf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\CourierStd-Bold.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\CourierStd-B

old.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\CourierStd-BoldOblique.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\CourierStd-B oldOblique.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\CourierStd-Oblique.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\CourierStd-O blique.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\MinionPro-Bold.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\MinionPro-Bo ld.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\MinionPro-BoldIt.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\MinionPro-Bo ldIt.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\MinionPro-It.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\MinionPro-It .otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\MinionPro-Regular.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\MinionPro-Re gular.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\MyriadPro-Bold.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\MyriadPro-Bo ld.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\MyriadPro-BoldIt.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\MyriadPro-Bo ldIt.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@

PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\MyriadPro-It.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\MyriadPro-It .otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\MyriadPro-Regular.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\MyriadPro-Re gular.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\SY______.PFM. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\SY______.PFM. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x1, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x140, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\SY______.PFM. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\SY__ ____.PFM. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x144, Path: 0x1 40: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resourc e\Font\PFM\SY______.PFM. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x32000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x144: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x320000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: WARNING: Call to New_GdiAddFontResourceW failed: Flags: 0x10, Reserved: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\PFM\SY______.PF M. 0x0A10: WARNING: Font file C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font \PFM\SY______.PFM failed to load with error: 0. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\zx______.pfm. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\zx______.pfm. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x1, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x140, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\zx______.pfm. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device\Har

ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\zx__ ____.pfm. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x144, Path: 0x1 40: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resourc e\Font\PFM\zx______.pfm. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x32000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x144: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x320000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: WARNING: Call to New_GdiAddFontResourceW failed: Flags: 0x10, Reserved: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\PFM\zx______.pf m. 0x0A10: WARNING: Font file C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font \PFM\zx______.pfm failed to load with error: 0. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\zy______.pfm. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\zy______.pfm. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x1, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x140, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\zy______.pfm. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\zy__ ____.pfm. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x144, Path: 0x1 40: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resourc e\Font\PFM\zy______.pfm. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x32000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x144: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x320000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: WARNING: Call to New_GdiAddFontResourceW failed: Flags: 0x10, Reserved: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\PFM\zy______.pf m. 0x0A10: WARNING: Font file C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font \PFM\zy______.pfm failed to load with error: 0. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\SY______.PFB.

0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\SY______.PFB. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x1, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x140, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\SY______.PFB. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\SY______ .PFB. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x144, Path: 0x1 40: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resourc e\Font\SY______.PFB. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x32000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x9000, Path: 0x144: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x320000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: WARNING: Call to New_GdiAddFontResourceW failed: Flags: 0x10, Reserved: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\SY______.PFB. 0x0A10: WARNING: Font file C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font \SY______.PFB failed to load with error: 0. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\ZX______.PFB. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\ZX______.PFB. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x1, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x140, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\ZX______.PFB. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\ZX______ .PFB. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x144, Path: 0x1 40: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resourc e\Font\ZX______.PFB. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x32000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x13000, Path: 0x144: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x320000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140.

0x0A10: WARNING: Call to New_GdiAddFontResourceW failed: Flags: 0x10, Reserved: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\ZX______.PFB. 0x0A10: WARNING: Font file C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font \ZX______.PFB failed to load with error: 0. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\ZY______.PFB. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\ZY______.PFB. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x1, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x140, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\ZY______.PFB. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\ZY______ .PFB. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x144, Path: 0x1 40: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resourc e\Font\ZY______.PFB. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x32000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x18000, Path: 0x144: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x320000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: WARNING: Call to New_GdiAddFontResourceW failed: Flags: 0x10, Reserved: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\ZY______.PFB. 0x0A10: WARNING: Font file C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font \ZY______.PFB failed to load with error: 0. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x120089, Param 2: 0x3, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F0B40, Path: \Devi ce\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe . 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C00, Path: 0x3F0B40: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\ SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3C900 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x11B4000, Path: 0x37F1C00: \ Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE .exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3C90000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C00. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F0B40. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \Device\HarddiskVolum

e1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe.manifest. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x140, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SXS\Manifests\SAFE.exe.manifest_0x7EAA851EC697456E60D4C79AE2BA1C15.manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x144, Path: 0x1 40: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\SXS\Manifests\SAFE.exe.manifest_0x7EAA851EC69745 6E60D4C79AE2BA1C15.manifest. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x32000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1F000, Path: 0x144: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x148: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\SAFE.exe.manifest_0x7EAA851EC697456E60D4C79AE2BA1 C15.manifest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device \HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009 .05.01T11.29\Virtual\SXS\Manifests\SAFE.exe.manifest_0x7EAA851EC697456E60D4C79AE 2BA1C15.manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\SAFE.exe.manifest_0x7EAA851EC697456E60D4C79AE2BA1 C15.manifest. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x320000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x10, File: C:\ Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe.manifest, AsmDir: , ResourceName: , AppName: , HMod: 0x0 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\mscoree.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\mscoree .dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Users\MarK\Desktop\mscoree.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\mscoree.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\system32\mscoree.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x140, Path: 0x 144: \Device\HarddiskVolume1\Windows\SysWOW64\mscoree.dll.

0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x73700 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4A000, Path: 0x140: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll.

0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll.

0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: INFO: Returning from method New_GetCommandLineA with: "C:\Program Fil es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: INFO: Finished with MapInStartupExe() 0x0A10: INFO: Initialized startup exe. Time consumed so far: 218 ms. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\Des ktop\VmX.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F0B40, Path: \??\C :\Users\MarK\Desktop\VmX.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0007, P aram2: 0x25000, Param3: 0x4, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, P

ath: \Sessions\1\BaseNamedObjects\_xvm_mem_8C9DF666D50A4D841E2DCEE9556484BF_0xE9 566AFC. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x38000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x25000, Path: 0x140: \Session s\1\BaseNamedObjects\_xvm_mem_8C9DF666D50A4D841E2DCEE9556484BF_0xE9566AFC. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1C00, Path : 0x3F0B40: \Device\HarddiskVolume1\Users\MarK\Desktop\VmX.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x 1, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x10000 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x26000, Path: 0x37F1C00: \D evice\HarddiskVolume1\Users\MarK\Desktop\VmX.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Use rs\MarK\Desktop\VmX.dll. 0x0A10: WARNING: New_NtQuerySection failed. Status: 0xC0000022, Param1: 0x2, Par am2: 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x37F1C00: \Devic e\HarddiskVolume1\Users\MarK\Desktop\VmX.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C00. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F0B40. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SXS\Manifests\VmX.dll_0x8C9DF666D50A4D841E2DCEE9556484BF.2.manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x150, Path: 0x1 48: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\SXS\Manifests\VmX.dll_0x8C9DF666D50A4D841E2DCEE9 556484BF.2.manifest. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x32000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x150: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x14C, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x14C: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x148: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\VmX.dll_0x8C9DF666D50A4D841E2DCEE9556484BF.2.mani fest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x148: \Device \HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009 .05.01T11.29\Virtual\SXS\Manifests\VmX.dll_0x8C9DF666D50A4D841E2DCEE9556484BF.2. manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x148: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\VmX.dll_0x8C9DF666D50A4D841E2DCEE9556484BF.2.mani fest.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x320000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Users\MarK\Desktop\VmX.dll, AsmDir: , ResourceName: Int Resource: 2, AppName: , HMod: 0x10000000 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \KnownDlls3 2\WS2_32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x76AD0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x35000, Path: 0x150: \Known Dlls32\WS2_32.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150: \KnownDlls32\WS2_32.d ll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \KnownDlls3 2\NSI.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x77720 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6000, Path: 0x150: \KnownD lls32\NSI.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150: \KnownDlls32\NSI.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1

50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1

50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x9, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \REGISTRY\MACHI NE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Dll NXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: UseFilter, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\C urrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: VmX.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: Returning from method New_GetCommandLineA with: "C:\Program Fil es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \Registry\M achine\System\CurrentControlSet\Control\ComputerName\ActiveComputerName. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x80, Param3: 0x40, Param4: 0x0, Param5: 0x0, Name: ComputerName, Path: 0x148 : \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \Registry\M achine\System\Setup. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x80, Param3: 0x34, Param4: 0x0, Param5: 0x0, Name: OOBEInProgress, Path: 0x1 48: \REGISTRY\MACHINE\SYSTEM\Setup. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \Registry\M achine\System\Setup. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x80, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: SystemSetupInProgress, Pa th: 0x148: \REGISTRY\MACHINE\SYSTEM\Setup. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: INFO: LICENSE: Checking license. 0x0A10: INFO: LICENSE: Checking expiration if can expire. 0x0A10: INFO: LICENSE: Checking days to activate if needs activation. 0x0A10: INFO: LICENSE: Passed. 0x0A10: INFO: Handing off to virtual application code... 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x148: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\.NETFramework\Policy. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x18, Param5: 0x0, Path: 0x148: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x18, Param5: 0x0, Path: 0x148: \REGISTRY\MACHINE\

SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x20, Param5: 0x0, Path: 0x148: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x22, Param5: 0x0, Path: 0x148: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x20, Param5: 0x0, Path: 0x148: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x14C: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0x110, Param4: 0x38, Param5: 0x0, Path: 0x14C: \REGISTRY\MAC HINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\system32\mscoree.dll.local. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x54, Param4: 0x0, Param5: 0x0, Name: InstallRoot, Path: 0x14C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x54, Param4: 0x0, Param5: 0x0, Name: InstallRoot, Path: 0x14C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x14C, Path: \??\C: \Windows\Microsoft.NET\Framework\v4.0.30319\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x76, Param4: 0x1, Param5: 0x0, Name: mscoreei.dll, Path: 0x14C: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x54, Param4: 0x0, Param5: 0x0, Name: InstallRoot, Path: 0x148: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x54, Param4: 0x0, Param5: 0x0, Name: InstallRoot, Path: 0x148: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C: \Windows\Microsoft.NET\Framework\v4.0.30319\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x76, Param4: 0x1, Param5: 0x0, Name: mscoreei.dll, Path: 0x148: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x54, Param4: 0x0, Param5: 0x0, Name: InstallRoot, Path: 0x148: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x54, Param4: 0x0, Param5: 0x0, Name: InstallRoot, Path: 0x148: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v4.0.30319\mscoreei.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x 148: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei .dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x73680 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x67000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148.

0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148.

0x0A10: INFO: Returning from method New_GetCommandLineA with: "C:\Program Fil es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: CLRLoadLogDir, Path: 0x14C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micros oft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\system32\mscoree.dll.local. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x54, Param4: 0x0, Param5: 0x0, Name: InstallRoot, Path: 0x14C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x54, Param4: 0x0, Param5: 0x0, Name: InstallRoot, Path: 0x14C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x14C, Path: \??\C: \Windows\Microsoft.NET\Framework\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x60, Param4: 0x1, Param5: 0x0, Name: *, Path: 0x14C: \De vice\HarddiskVolume1\Windows\Microsoft.NET\Framework. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x1000, Param3: 0xD1A, Param4: 0x0, Param5: 0x0, Path: 0x14C: \Device\Ha rddiskVolume1\Windows\Microsoft.NET\Framework. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x120080, Par am2: 0x0, Param3: 0x7, Param4: 0x1, Param5: 0x860, OutHandle: 0x154, Path: \??\C :\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x154. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x120080, Par am2: 0x0, Param3: 0x7, Param4: 0x1, Param5: 0x860, OutHandle: 0x154, Path: \??\C :\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x154. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x14C: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe.config. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: UseLegacyV2RuntimeActivationPolicyDefaultValue, Path: 0x14C: \REGISTRY\MA CHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: OnlyUseLatestCLR, Path: 0x14C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mic

rosoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x64, OutHandle: 0x3F0BB8, Path: \ ??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F0BB8: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F0BB8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x41500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x11B4000, Path: 0x37F1C68: \ Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE .exe. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F0BB8. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x4150000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x64, OutHandle: 0x3F0BB8, Path: \ ??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F0BB8: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F0BB8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x41500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x11B4000, Path: 0x37F1C68: \ Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE .exe. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F0BB8. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x4150000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2000000, Param 2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x14C, Path: \REGISTRY \USER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x154. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: NoClientChecks, Path: 0x154: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micro soft\Fusion. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x154. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x120080, Par

am2: 0x0, Param3: 0x7, Param4: 0x1, Param5: 0x860, OutHandle: 0x154, Path: \??\C :\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x154. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\mscorwks.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x154, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x158, Path: 0x 154: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks .dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x61930 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x5AB000, Path: 0x158: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x154. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x154, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x154: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x154. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x120089, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x154, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x154: \Device \HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x154: \Device\Har ddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x154. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, AsmDir: , ResourceName: Int Resource: 2, AppName: , HMod: 0x61930000 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\Assembly StorageRoots. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.Local\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x154, Path: \??\C:\W indows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154 e044272b9a. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MS

VCR80.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154 e044272b9a\MSVCR80.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x 158: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18 e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x72E20 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x9B000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8

3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8

3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: INFO: Returning from method New_GetCommandLineA with: "C:\Program Fil es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: INFO: Returning from method New_GetCommandLineW with: "C:\Program Fil

es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: INFO: Returning from method New_GetCommandLineW with: "C:\Program Fil es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MS VCR80.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C: \. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x6C, Param4: 0x1, Param5: 0x0, Name: Windows, Path: 0x15 8: \Device\HarddiskVolume1\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x15C, Path: \??\C: \Windows\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x6A, Param4: 0x1, Param5: 0x0, Name: WinSxS, Path: 0x15C : \Device\HarddiskVolume1\Windows\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C: \Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d091 54e044272b9a\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x74, Param4: 0x1, Param5: 0x0, Name: MSVCR80.dll, Path: 0x158: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e 18e3b_8.0.50727.6195_none_d09154e044272b9a. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: GCStressStart, Path: 0x158: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micros oft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: GCStressStartAtJit, Path: 0x158: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M icrosoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: GCStressStart, Path: 0x158: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micros oft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: GCStressStartAtJit, Path: 0x158: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M icrosoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: INFO: Returning from method New_GetCommandLineW with: "C:\Program Fil es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034,

Name: DisableConfigCache, Path: 0x158: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M icrosoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x78, Param5: 0x0, Path: 0x158: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x1, Param2: 0x1, Param3: 0xDC, Param4: 0x78, Param5: 0x0, Name: , Pa th: 0x158: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Mi crosoft.NET\Framework\v4.0.30319. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x164. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x168. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x168, Path: \?? \C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x FFF, Param3: 0xFFF, Param4: 0x0, Param5: 0x0, Path: 0x168: \Device\HarddiskVolum e1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 186B, Param3: 0x186B, Param4: 0x0, Param5: 0x0, Path: 0x168: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1076, Param3: 0x1076, Param4: 0x0, Param5: 0x0, Path: 0x168: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 100D, Param3: 0x100D, Param4: 0x0, Param5: 0x0, Path: 0x168: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1066, Param3: 0x1066, Param4: 0x0, Param5: 0x0, Path: 0x168: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x168. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe.config. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: CacheLocation, Path: 0x164: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x164. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DownloadCacheQuotaInKB, Path: 0x164: \REGISTRY\MACHINE\SOFTWARE\Microsoft \Fusion. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x164. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EnableLog, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LoggingLevel, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ForceLog, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion.

0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LogFailures, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: VersioningLog, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LogResourceBinds, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusio n. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: UseLegacyIdentityFormat, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsof t\Fusion. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DisableMSIPeek, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: NoClientChecks, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x168. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DevOverrideEnable, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Wind ows NT\CurrentVersion\Image File Execution Options. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x168. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x168. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x164. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0007, P aram2: 0xFB8, Param3: 0x4, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x164, Pat h: \Sessions\1\BaseNamedObjects\Global\Cor_Private_IPCBlock_4344. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x164: \BaseName dObjects\Cor_Private_IPCBlock_4344. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x168. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x16C. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0007, P aram2: 0x134, Param3: 0x4, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x16C, Pat h: \Sessions\1\BaseNamedObjects\Global\Cor_Public_IPCBlock_4344. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3C000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x16C: \BaseName dObjects\Cor_Public_IPCBlock_4344. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x61E8C000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x61E8C000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x61E8C000, Param3: 0x2, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x2, OutHandle: 0x1B0, Path: 0xFFFFFFFE: . 0x0A10: INFO: New_NtClose given invalid handle: Handle: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x18EFCC, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x18EFD8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x1284: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F4FF38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x1284: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF

FFFFF, Param2: 0x3E51000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x20, Param5: 0x0, Path: 0x1C4: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPer missionSets. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2A, Param5: 0x0, Path: 0x1C4: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPer missionSets. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x1C4: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Po licy\Extensions\NamedPermissionSets. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x0, Param2: 0x1, Param3: 0x20A, Param4: 0x0, Param5: 0x0, Name: , Pa th: 0x1C4: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Securi ty\Policy\Extensions\NamedPermissionSets. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2E, Param5: 0x0, Path: 0x1C8: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPer missionSets\Internet. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x38, Param5: 0x0, Path: 0x1C8: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPer missionSets\Internet. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Po licy\Extensions\NamedPermissionSets\Internet. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x0, Param2: 0x1, Param3: 0x20A, Param4: 0x1BF4E90, Param5: 0x0, Name : , Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\ Security\Policy\Extensions\NamedPermissionSets\Internet. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2E, Param5: 0x0, Path: 0x1C8: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPer missionSets\LocalIntranet. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x38, Param5: 0x0, Path: 0x1C8: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPer missionSets\LocalIntranet. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Po licy\Extensions\NamedPermissionSets\LocalIntranet. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x0, Param2: 0x1, Param3: 0x20A, Param4: 0x1BF4E98, Param5: 0x0, Name : , Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\ Security\Policy\Extensions\NamedPermissionSets\LocalIntranet. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C4. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch .

0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.confi g. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.confi g.cch. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C4. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0x6, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x1C4, Path: \Sessions\1 \BaseNamedObjects\windows_shell_global_counters. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x1CC00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x1C4: \Session s\1\BaseNamedObjects\windows_shell_global_counters. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Category, Path: 0x1CC: \R EGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\F olderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x1CC: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Folde rDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ParentFolder, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microso ft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E 3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Description, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsof t\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3 EF65729F3D}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x2C, Param4: 0x0, Param5: 0x0, Name: RelativePath, Path: 0x1CC : \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explor er\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ParsingName, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsof t\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3 EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: InfoTip, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Wi ndows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65 729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LocalizedName, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micros oft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03AE3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Icon, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windo

ws\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729 F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Security, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\W indows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF6 5729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: StreamResource, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micro soft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A -E3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: StreamResourceType, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M icrosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6A03A-E3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LocalRedirectOnly, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mi crosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A 03A-E3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Roamable, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\W indows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF6 5729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreCreate, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF 65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Stream, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Win dows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF657 29F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PublishExpandedPath, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\ Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6 -A03A-E3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Attributes, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft \Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3E F65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FolderTypeID, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microso ft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E 3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: InitFolderHandler, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mi crosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A 03A-E3EF65729F3D}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1CC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1CC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x1C8, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param

2: 0x90, Param3: 0x48, Param4: 0x0, Param5: 0x0, Name: AppData, Path: 0x1D0: \RE GISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Win dows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1D0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Category, Path: 0x1C8: \R EGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\F olderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x1C8: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Folde rDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ParentFolder, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microso ft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-E A3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Description, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsof t\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA 3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: RelativePath, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microso ft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-E A3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ParsingName, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsof t\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA 3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: InfoTip, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Wi ndows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317 B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LocalizedName, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micros oft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Icon, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windo ws\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67 173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Security, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\W indows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA331 7B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: StreamResource, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micro soft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE -EA3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: StreamResourceType, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M icrosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-47609AFE-EA3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LocalRedirectOnly, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mi crosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9 AFE-EA3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034,

Name: Roamable, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\W indows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA331 7B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreCreate, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA33 17B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Stream, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Win dows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B 67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PublishExpandedPath, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\ Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760 -9AFE-EA3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Attributes, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft \Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3 317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FolderTypeID, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microso ft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-E A3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: InitFolderHandler, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mi crosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9 AFE-EA3317B67173}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x1D0: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x1D0: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: WARNING: New_NtCreateFile failed. Status: 0xC0000035, Param1: 0x100001, Param2: 0x80, Param3: 0x3, Param4: 0x2, Param5: 0x204021, Name: , Path: \??\C:\U sers\MarK. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK. 0x0A10: WARNING: New_NtCreateFile failed. Status: 0xC0000035, Param1: 0x100001, Param2: 0x80, Param3: 0x3, Param4: 0x2, Param5: 0x204021, Name: , Path: \??\C:\U sers\MarK\AppData\Roaming. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Roaming. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Users\MarK\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.3 12\security.config. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Users\MarK\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.3 12\security.config.cch. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: LatestIndex, Path: 0x200:

\REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: LatestIndex, Path: 0x204: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x208, Path: \??\ C:\Windows\assembly\NativeImages_v2.0.50727_32\index3f0.dat. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: NIUsageMask, Path: 0x20C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ind ex3f0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ILUsageMask, Path: 0x20C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ind ex3f0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x200. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x12, Param5: 0x0, Path: 0x200: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_3 2\NI\181938c6\7950e2c5. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x0, Param2: 0x1, Param3: 0x20A, Param4: 0x0, Param5: 0x0, Name: , Pa th: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50 727_32\NI\181938c6\7950e2c5. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x200. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x52, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 181938c6\7950e2c5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: ConfigMask, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1 81938c6\7950e2c5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0xE, Param4: 0x0, Param5: 0x0, Name: ConfigString, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 181938c6\7950e2c5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: MVID, Path: 0x200: \REGIS TRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c 6\7950e2c5\8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x200. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EvalationData, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\N ativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x200: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\18193 8c6\7950e2c5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x20, Param4: 0x0, Param5: 0x0, Name: ILDependencies, Path: 0x2 00: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\

NI\181938c6\7950e2c5\8. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: NIDependencies, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\ NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\8. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MissingDependencies, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fu sion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x200. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x52, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 7950e2c5\736b60a5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x200: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e 2c5\736b60a5\8. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x12C, Param4: 0x0, Param5: 0x0, Name: Modules, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIn dex\v2.0.50727_32\IL\7950e2c5\736b60a5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x12C, Param3: 0x12C, Param4: 0x0, Param5: 0x0, Name: Modules, Path: 0x200: \ REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\79 50e2c5\736b60a5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x200: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5 \736b60a5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 7950e2c5\736b60a5\8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x200. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000100, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x200, Path: \REGIST RY\MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: mscorlib,2.0.0.0,,b77a5c5 61934e089,x86, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusion\GACChang eNotification\Default. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib .ni.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d 22c5\mscorlib.ni.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x214, Path: 0x 20C: \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\mscorli b\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x60E30 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xAF8000, Path: 0x214: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214: .

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C: \Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: mscorlib.INI, Path: 0x20C: \Device\HarddiskVolume1\Windows\assembly\ GAC_32\mscorlib\2.0.0.0__b77a5c561934e089. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param

2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F0D48, Path: \?? \C:\Program Files (x86)\Computers and Structures\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x6C, Param4: 0x1, Param5: 0x0, Name: SAFE 12, Path: 0x3F 0D48: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F0D48. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F0D48, Path: \?? \C:\Program Files (x86)\Computers and Structures\SAFE 12\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x6E, Param4: 0x1, Param5: 0x0, Name: SAFE.exe, Path: 0x3 F0D48: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F0D48. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C: \. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x84, Param4: 0x1, Param5: 0x0, Name: Program Files (x86) , Path: 0x20C: \Device\HarddiskVolume1\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x214, Path: \??\C: \Program Files (x86)\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x8E, Param4: 0x1, Param5: 0x0, Name: Computers and Struc tures, Path: 0x214: \Device\HarddiskVolume1\Program Files (x86)\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F0D48, Path: \?? \C:\Program Files (x86)\Computers and Structures\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x6C, Param4: 0x1, Param5: 0x0, Name: SAFE 12, Path: 0x3F 0D48: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F0D48. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\mscorsec.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x214, Path: 0x 20C: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec

.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x64020 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x13000, Path: 0x214: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x20C: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x120089, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x20C: \Device \HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x20C: \Device\Har ddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll, AsmDir: , ResourceName: Int Resource: 2, AppName: , HMod: 0x64020000 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\Assembly StorageRoots. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.Local\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154 e044272b9a. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x214, Path: \KnownDlls3 2\WINTRUST.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x755A0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x2D000, Path: 0x214: \Known Dlls32\WINTRUST.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214: \KnownDlls32\WINTRUST .dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x214, Path: \KnownDlls3 2\CRYPT32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x75480 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x11D000, Path: 0x214: \Know

nDlls32\CRYPT32.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214: \KnownDlls32\CRYPT32. dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x214, Path: \KnownDlls3 2\MSASN1.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x75470 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xC000, Path: 0x214: \KnownD lls32\MSASN1.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214: \KnownDlls32\MSASN1.d ll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\COMCTL32.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x214, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\COMCTL32.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x218, Path: 0x 214: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-control s_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x749A0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x84000, Path: 0x218: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x218: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x218. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DebugHeapFlags, Path: 0x214: \REGISTRY\MACHINE\SYSTEM\ControlSet001\servi ces\crypt32. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: INFO: Returning from method New_GetCommandLineA with: "C:\Program Fil es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x228, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: mscorsec.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows N T\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\RichEd20.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\RichEd2

0.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\RichEd20.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x228, Path: \??\C:\W indows\system32\RichEd20.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x22C, Path: 0x 228: \Device\HarddiskVolume1\Windows\SysWOW64\riched20.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5AE50 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x76000, Path: 0x22C: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: mscorlib.ni.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Window s NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5AE50000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x228: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certific ate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x3E, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x228: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cer tificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x228: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPol icy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x228: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Fin alPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x228: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initiali zation\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x228: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Ini tialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x228: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\ {31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param

2: 0x90, Param3: 0x32, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x228: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Mes sage\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x228: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signatur e\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x36, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x228: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Sig nature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x228: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertChec k\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x2E, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x228: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cer tCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x0, Param1: 0 x2, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214: . 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\CRYPTSP.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CRYPTSP .dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\CRYPTSP.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x228, Path: \??\C:\W indows\system32\CRYPTSP.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x22C, Path: 0x 228: \Device\HarddiskVolume1\Windows\SysWOW64\cryptsp.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6DEF0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x16000, Path: 0x22C: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Type, Path: 0x228: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Micros oft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x228: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x228: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\

Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x228: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x228: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\rsaenh.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x22C, Path: \??\C:\W indows\system32\rsaenh.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x230, Path: 0x2 2C: \Device\HarddiskVolume1\Windows\SysWOW64\rsaenh.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3C000, Path: 0x230: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B50000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\rsaenh.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x22C, Path: \??\C:\W indows\system32\rsaenh.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x230, Path: 0x2 2C: \Device\HarddiskVolume1\Windows\SysWOW64\rsaenh.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3C000, Path: 0x230: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B50000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\rsaenh.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x22C, Path: \??\C:\W indows\system32\rsaenh.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x230, Path: 0x2 2C: \Device\HarddiskVolume1\Windows\SysWOW64\rsaenh.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3C000, Path: 0x230: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B50000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C.

0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\rsaenh.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x22C, Path: \??\C:\W indows\system32\rsaenh.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x230, Path: 0x2 2C: \Device\HarddiskVolume1\Windows\SysWOW64\rsaenh.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3C000, Path: 0x230: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B50000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\rsaenh.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x22C, Path: \?? \C:\Windows\system32\rsaenh.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x22C: \Device\Har ddiskVolume1\Windows\SysWOW64\rsaenh.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x230, Path: 0x22C: \Device\HarddiskVolume1\Windows\SysWOW64\rsaenh.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3C000, Path: 0x230: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B50000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\rsaenh.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x22C, Path: \??\C:\W indows\system32\rsaenh.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x230, Path: 0x 22C: \Device\HarddiskVolume1\Windows\SysWOW64\rsaenh.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6DEB0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3B000, Path: 0x230: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x22C, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x14, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Enabled, Path: 0x22C: \RE GISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy.

0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x230, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FipsAlgorithmPolicy, Path: 0x230: \REGISTRY\MACHINE\SYSTEM\ControlSet001\ Control\Lsa. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Conf iguration. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PrivKeyCacheMaxItems, Path: 0x230: \REGISTRY\MACHINE\SOFTWARE\Policies\Mi crosoft\Cryptography. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PrivKeyCachePurgeIntervalSeconds, Path: 0x230: \REGISTRY\MACHINE\SOFTWARE \Policies\Microsoft\Cryptography. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PrivateKeyLifetimeSeconds, Path: 0x230: \REGISTRY\MACHINE\SOFTWARE\Polici es\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x230: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x230: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x230: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x230: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x230, Path: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0008, Param2: 0x30, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2000000, Param 2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x228, Path: \REGISTRY \USER. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x234, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Windows \CurrentVersion\WinTrust\Trust Providers\Software Publishing. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param

2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: State, Path: 0x234: \REGI STRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Windo ws\CurrentVersion\WinTrust\Trust Providers\Software Publishing. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x234. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x234. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x234. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x18, Param4: 0x0, Param5: 0x0, Name: Safety Warning Level, Pat h: 0x22C: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\ Microsoft\Internet Explorer\Security. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DiagLevel, Path: 0x234: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\c rypt32. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DiagMatchAnyMask, Path: 0x234: \REGISTRY\MACHINE\SYSTEM\ControlSet001\ser vices\crypt32. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x234. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x234: \REGISTRY\MACHIN E\SYSTEM\ControlSet001\services\crypt32. 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x6, OutHandle: 0x244, Path: 0x240: . 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x6, OutHandle: 0x254, Path: 0x250: . 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x1174: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x624FD9C, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x1174: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x624FDA8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x1174: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6151000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F2C88, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F2C88: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x64500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA00000, Path: 0x37F1C68: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE. exe.

0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6450000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x25C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x264, Path: \Registry\M achine\System\CurrentControlSet\Control\Nls\CustomLocale. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: en-US, Path: 0x264: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Cu stomLocale. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x264, Path: \Registry\M achine\System\CurrentControlSet\Control\Nls\ExtendedLocale. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: en-US, Path: 0x264: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Ex tendedLocale. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x36, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x56, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2

: 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x46, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x90, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa

taMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x30, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0xA8, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P

aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2

: 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0xD, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x264: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encoding Type 0\CryptSIPDllPutSignedDataMsg. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x260. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x25C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x260. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x25C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x25C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x36, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x56, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg.

0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x46, Param5: 0x0, Path: 0x270: \REGISTRY\MACH

INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x90, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x30, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0xA8, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg.

0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0xD, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x26C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encoding Type 0\CryptSIPDllGetSignedDataMsg. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x26C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x264: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x264, Path: \KnownDlls3 2\imagehlp.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x76820 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x2A000, Path: 0x264: \Known Dlls32\IMAGEHLP.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2

: 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264: \KnownDlls32\IMAGEHLP .dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F2C88: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x67400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA00000, Path: 0x37F1C68: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE. exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x1CE00 00, Param2: 0x0, Param3: 0x0, Param4: 0x11B0000, Param5: 0x4000, Path: 0x37F1C68 : \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\S AFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x1CE0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6740000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F2C88: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x67400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA00000, Path: 0x37F1C68: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE. exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x1CE00 00, Param2: 0x0, Param3: 0x0, Param4: 0x11B0000, Param5: 0x4000, Path: 0x37F1C68 : \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\S AFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x1CE0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6740000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Type, Path: 0x264: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Micros oft Enhanced RSA and AES Cryptographic Provider.

0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x264: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x264: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x264: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x264: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x268: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x268: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x268: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x268: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x40, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDIn fo. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1. 3.6.1.4.1.311.44.3.4!7. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x76, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindO IDInfo\1.3.6.1.4.1.311.44.3.4!7. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x62, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x274: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\Crypt DllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \Registry\Machi ne\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: StringCacheGeneration, P ath: 0x278: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettin gs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2000000, Param 2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \REGISTRY \USER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2001F, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x27C, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Classes\Local Setting s\MuiCache\b4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtSetValueKey succeeded. Status: 0x0, Param1: 0x0, Param2: 0x7, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LanguageList, Path: 0x27C: \ REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001_CLASSES\Local Settin gs\MuiCache\B4\A7EAB198. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\p2pcollab.dll. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x9A, Param4: 0x0, Param5: 0x0, Name: @%SystemRoot%\system32\p 2pcollab.dll,-8042, Path: 0x27C: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-7 82353158-1001_CLASSES\Local Settings\MuiCache\B4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x62, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x274: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\Crypt DllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x27C, Path: \Registry\Machi ne\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: StringCacheGeneration, P ath: 0x27C: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettin gs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2000000, Param 2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x27C, Path: \REGISTRY \USER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2001F, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Classes\Local Setting s\MuiCache\b4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtSetValueKey succeeded. Status: 0x0, Param1: 0x0, Param2: 0x7, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LanguageList, Path: 0x278: \ REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001_CLASSES\Local Settin gs\MuiCache\B4\A7EAB198. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\p2pcollab.dll. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x9A, Param4: 0x0, Param5: 0x0, Name: @%SystemRoot%\system32\p 2pcollab.dll,-8042, Path: 0x278: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-7 82353158-1001_CLASSES\Local Settings\MuiCache\B4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x274. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x40, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDIn fo. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1. 3.6.1.4.1.311.47.1.1!7. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindO IDInfo\1.3.6.1.4.1.311.47.1.1!7. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5C, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x274: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\Crypt DllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \Registry\Machi ne\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: StringCacheGeneration, P ath: 0x278: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettin gs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2000000, Param 2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \REGISTRY \USER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2001F, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x27C, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Classes\Local Setting s\MuiCache\b4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtSetValueKey succeeded. Status: 0x0, Param1: 0x0, Param2: 0x7, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LanguageList, Path: 0x27C: \ REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001_CLASSES\Local Settin gs\MuiCache\B4\A7EAB198. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\system32\qagentrt.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x274. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x40, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDIn fo. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1. 3.6.1.4.1.311.64.1.1!7.

0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x6E, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindO IDInfo\1.3.6.1.4.1.311.64.1.1!7. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5A, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x274: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\Crypt DllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x27C, Path: \Registry\Machi ne\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: StringCacheGeneration, P ath: 0x27C: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettin gs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2000000, Param 2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x27C, Path: \REGISTRY \USER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2001F, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Classes\Local Setting s\MuiCache\b4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtSetValueKey succeeded. Status: 0x0, Param1: 0x0, Param2: 0x7, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LanguageList, Path: 0x278: \ REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001_CLASSES\Local Settin gs\MuiCache\B4\A7EAB198. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\dnsapi.dll. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0xDA, Param4: 0x0, Param5: 0x0, Name: @%SystemRoot%\system32\d nsapi.dll,-103, Path: 0x278: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-78235 3158-1001_CLASSES\Local Settings\MuiCache\B4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5A, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x274: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\Crypt DllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \Registry\Machi ne\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: StringCacheGeneration, P ath: 0x278: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettin gs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2000000, Param 2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \REGISTRY \USER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2001F, Param2:

0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x27C, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Classes\Local Setting s\MuiCache\b4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtSetValueKey succeeded. Status: 0x0, Param1: 0x0, Param2: 0x7, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LanguageList, Path: 0x27C: \ REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001_CLASSES\Local Settin gs\MuiCache\B4\A7EAB198. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\dnsapi.dll. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0xDA, Param4: 0x0, Param5: 0x0, Name: @%SystemRoot%\system32\d nsapi.dll,-103, Path: 0x27C: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-78235 3158-1001_CLASSES\Local Settings\MuiCache\B4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x274. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x3, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x26C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encoding Type 0\CryptDllFindOIDInfo. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x26C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0.

0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0.

0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\ncrypt.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\ncrypt. dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\ncrypt.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x264, Path: \??\C:\W indows\system32\ncrypt.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x268, Path: 0x 264: \Device\HarddiskVolume1\Windows\SysWOW64\ncrypt.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x73A00 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x38000, Path: 0x268: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\bcrypt.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\bcrypt. dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\bcrypt.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x264, Path: \??\C:\W indows\system32\bcrypt.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x268, Path: 0x 264: \Device\HarddiskVolume1\Windows\SysWOW64\bcrypt.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74090 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x17000, Path: 0x268: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100003, Param 2: 0x7, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x270, Path: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0402, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270: \Device\K secDD. 0x0A10: INFO: New_NtDeviceIoControlFile reports insufficient buffer. Status: 0x80000005, Param1: 0x390402, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0

, Name: , Path: 0x270: \Device\KsecDD. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0402, Param2: 0xD8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\SysWOW 64\bcryptprimitives.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \??\C:\W indows\SysWOW64\bcryptprimitives.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x280, Path: 0x 278: \Device\HarddiskVolume1\Windows\SysWOW64\bcryptprimitives.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x739C0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3D000, Path: 0x280: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x14, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Enabled, Path: 0x278: \RE GISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FipsAlgorithmPolicy, Path: 0x280: \REGISTRY\MACHINE\SYSTEM\ControlSet001\ Control\Lsa. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Conf iguration. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x14, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Enabled, Path: 0x280: \RE GISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FipsAlgorithmPolicy, Path: 0x278: \REGISTRY\MACHINE\SYSTEM\ControlSet001\ Control\Lsa. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Conf iguration. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0

, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x14, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Enabled, Path: 0x278: \RE GISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FipsAlgorithmPolicy, Path: 0x280: \REGISTRY\MACHINE\SYSTEM\ControlSet001\ Control\Lsa. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Conf iguration. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x14, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Enabled, Path: 0x280: \RE GISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FipsAlgorithmPolicy, Path: 0x278: \REGISTRY\MACHINE\SYSTEM\ControlSet001\ Control\Lsa. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Conf iguration. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x16, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreP rov. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\# 16. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenSt oreProv\#16. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenSt oreProv\#16. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x18, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\

SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreP rov. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\L dap. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenSt oreProv\Ldap. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenSt oreProv\Ldap. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x284: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encoding Type 0\CertDllOpenStoreProv. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x278: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx \1.2.840.113549.1.9.16.1.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.1.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.1.1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288.

0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx \1.2.840.113549.1.9.16.2.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x44, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx \1.2.840.113549.1.9.16.2.11. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.11. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.11. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x44, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx \1.2.840.113549.1.9.16.2.12. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.12. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.12. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW

ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx \1.2.840.113549.1.9.16.2.2. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.2. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx \1.2.840.113549.1.9.16.2.3. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.3. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx \1.2.840.113549.1.9.16.2.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x56, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x7, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x284: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encoding Type 1\CryptDllDecodeObjectEx. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x278: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2000. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2000. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2000. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2001. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2001. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2002. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2002. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x74, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod

eObject\#2002. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2003. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2003. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2003. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2004. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2004. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x60, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2004. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2005. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2005. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2005. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj

ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2006. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2006. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x64, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2006. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2007. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2007. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2007. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2008. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2008. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2008. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2009. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P

aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2009. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2009. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2130. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2130. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x58, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2130. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2221. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2221. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2221. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2222. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2222. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod

eObject\#2222. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.12.2.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.12.2.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.12.2.1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.12.2.2. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.12.2.2. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.12.2.2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.16.1.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.16.1.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.16.1.1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x38, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb

ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.16.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.16.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.16.4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.10. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.10. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.10. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.11. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.11. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x64, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.11. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.12. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P

aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.12. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.12. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.15. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.15. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x60, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.15. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x15, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.20. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.20. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.20. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x16, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.25. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.25. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod

eObject\1.3.6.1.4.1.311.2.1.25. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x17, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.26. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.26. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.26. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x18, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.27. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.27. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x74, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.27. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x19, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.28. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.28. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.28. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1A, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb

ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.30. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.30. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x58, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.30. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1B, Param 2: 0x0, Param3: 0x120, Param4: 0x3A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1C, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0x284: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encodin gType 1\CryptDllDecodeObject. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x278: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x36, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe

rifyIndirectData\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x42, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x90, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x30, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x66, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x

B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0xA8, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x66, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe

rifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0xD, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x284: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encoding Type 0\CryptSIPDllVerifyIndirectData. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x278: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: New_NtDeviceIoControlFile reports insufficient buffer. Status: 0x80000005, Param1: 0x390402, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0 , Name: , Path: 0x270: \Device\KsecDD. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0402, Param2: 0xD8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F2C88: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x67400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA00000, Path: 0x37F1C68: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE. exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x65500 00, Param2: 0x0, Param3: 0x0, Param4: 0xA00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6550000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x65500 00, Param2: 0x0, Param3: 0x0, Param4: 0xB00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6550000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x65500 00, Param2: 0x0, Param3: 0x0, Param4: 0xC00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6550000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x65500 00, Param2: 0x0, Param3: 0x0, Param4: 0xD00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6550000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x65500 00, Param2: 0x0, Param3: 0x0, Param4: 0xE00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6550000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x65500 00, Param2: 0x0, Param3: 0x0, Param4: 0xF00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe.

0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6550000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x65500 00, Param2: 0x0, Param3: 0x0, Param4: 0x1000000, Param5: 0x100000, Path: 0x37F1C 68: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12 \SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6550000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x40200 00, Param2: 0x0, Param3: 0x0, Param4: 0x1100000, Param5: 0xB4000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x4020000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6740000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx \1.2.840.113549.1.9.16.1.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.1.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.1.1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx \1.2.840.113549.1.9.16.2.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.1.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x44, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx \1.2.840.113549.1.9.16.2.11. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.11. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.11. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x44, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx \1.2.840.113549.1.9.16.2.12. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.12. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.12. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx \1.2.840.113549.1.9.16.2.2. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.2. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ectEx.

0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx \1.2.840.113549.1.9.16.2.3. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.3. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx \1.2.840.113549.1.9.16.2.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x56, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x7, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x284: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encoding Type 1\CryptDllEncodeObjectEx. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x278: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#

2000. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2000. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2000. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2001. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2001. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2002. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2002. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x74, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2002. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2003. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2003. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P

aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2003. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2004. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2004. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x60, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2004. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2005. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2005. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2005. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2006. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2006. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x64, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2006. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2

: 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2007. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2007. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2007. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2008. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2008. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2008. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2009. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2009. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2009. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#

2130. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2130. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x58, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2130. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2221. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2221. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2221. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2222. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2222. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2222. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.12.2.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.12.2.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P

aram2: 0x1, Param3: 0xDC, Param4: 0x5C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.12.2.1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.12.2.2. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.12.2.2. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.12.2.2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.16.1.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.16.1.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.16.1.1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x38, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.16.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.16.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.16.4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param

2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.10. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.10. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.10. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.11. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.11. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x64, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.11. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.12. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.12. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.12. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1

.3.6.1.4.1.311.2.1.15. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.15. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x60, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.15. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x15, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.20. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.20. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.20. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x16, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.25. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.25. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.25. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x17, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.26. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.26. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P

aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.26. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x18, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.27. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.27. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x74, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.27. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x19, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.28. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.28. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.28. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1A, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.30. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.30. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x58, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.30. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1B, Param

2: 0x0, Param3: 0x120, Param4: 0x3A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1C, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0x284: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encodin gType 1\CryptDllEncodeObject. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x278: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: INFO: New_NtDeviceIoControlFile reports insufficient buffer. Status: 0x80000005, Param1: 0x390402, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0 , Name: , Path: 0x270: \Device\KsecDD. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0402, Param2: 0xE0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x278: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x278: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DisableMandatoryBasicConstraints, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE \Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\C onfig. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DisableCANameConstraints, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE\Microso ft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DisableUnsupportedCriticalExtensions, Path: 0x278: \REGISTRY\MACHINE\SOFT WARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngi ne\Config. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MaxAIAUrlCountInCert, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE\Microsoft\C ryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MaxAIAUrlRetrievalCountPerChain, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE\ Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Co nfig. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MaxUrlRetrievalByteCount, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE\Microso ft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MaxAIAUrlRetrievalByteCount, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE\Micr osoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config . 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MaxAIAUrlRetrievalCertCount, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE\Micr osoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config . 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: CryptnetPreFetchTriggerPeriodSeconds, Path: 0x278: \REGISTRY\MACHINE\SOFT WARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngi ne\Config. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EnableWeakSignatureFlags, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE\Microso ft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ChainCacheResyncFiletime, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE\Microso ft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x284, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\My. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x280: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x280: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x288, Path: \??\C: \Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x60, Param4: 0x1, Param5: 0x0, Name: *, Path: 0x288: \De vice\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\ Certificates. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x1000, Param3: 0x116, Param4: 0x0, Param5: 0x0, Path: 0x288: \Device\Ha rddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certifi cates. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x28C, Path: \?? \C:\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\C19B E8CB79A3CA2F7057F7DA1EF5AF0602599CC4. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x28C: \Device\Har ddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certific ates\C19BE8CB79A3CA2F7057F7DA1EF5AF0602599CC4. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 338, Param3: 0x338, Param4: 0x0, Param5: 0x0, Path: 0x28C: \Device\HarddiskVolum e1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\C19BE 8CB79A3CA2F7057F7DA1EF5AF0602599CC4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x28C. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x288: \Device\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\System Certificates\My\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x288, Path: \??\C: \Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x60, Param4: 0x1, Param5: 0x0, Name: *, Path: 0x288: \De vice\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\ CRLs. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x1000, Param3: 0x62, Param4: 0x0, Param5: 0x0, Path: 0x288: \Device\Har ddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs.

0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x288: \Device\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\System Certificates\My\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x288, Path: \??\C: \Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x60, Param4: 0x1, Param5: 0x0, Name: *, Path: 0x288: \De vice\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\ CTLs. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x1000, Param3: 0x62, Param4: 0x0, Param5: 0x0, Path: 0x288: \Device\Har ddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x288: \Device\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\System Certificates\My\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x288, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\CA. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\CA. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x28C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA \Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C ertificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1-5-21

-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C ertificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1 -5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates \CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\3ADD0E7EA2B284FF459E137365 B482D188DFBF8A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\3ADD0E7EA2B284FF459E137365 B482D188DFBF8A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REG ISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Syst emCertificates\CA\Certificates\3ADD0E7EA2B284FF459E137365B482D188DFBF8A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x290. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1 -5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates \CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x72A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\4A8A2A0E276FF33B5DD88A3621 46010F2A8B6AEE. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x72A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\4A8A2A0E276FF33B5DD88A3621 46010F2A8B6AEE. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x72A, Param3: 0x72A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REG ISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Syst emCertificates\CA\Certificates\4A8A2A0E276FF33B5DD88A362146010F2A8B6AEE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x290. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1 -5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates \CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x556, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\867539A26C81FA2D78277C3ADF DB304312535E57. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x556, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\867539A26C81FA2D78277C3ADF DB304312535E57. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x556, Param3: 0x556, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REG ISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Syst emCertificates\CA\Certificates\867539A26C81FA2D78277C3ADFDB304312535E57.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x290. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1 -5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates \CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\E5958D48FE10D7340311E8C03B B22940DABA2DA3. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\E5958D48FE10D7340311E8C03B B22940DABA2DA3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5E2, Param3: 0x5E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REG ISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Syst emCertificates\CA\Certificates\E5958D48FE10D7340311E8C03BB22940DABA2DA3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x290. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x28C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x28C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C RLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C RLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x28C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x28C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C TLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C TLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x28C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST

RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\CA. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x290, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x290: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertif icates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x290: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x290: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x290. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x290, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x290: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x290: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x290. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x290, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x290: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x290: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x290. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\CA. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\CA. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x294, Path: \REGIST

RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x487, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\109F1CAED645BB78B3EA2B94C0697C740733031C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x487, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\109F1CAED645BB78B3EA2B94C0697C740733031C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x487, Param3: 0x487, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645 BB78B3EA2B94C0697C740733031C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x453, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x453, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x453, Param3: 0x453, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B 08F46A30A133F8A9ED3D038E2EA8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x27A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x27A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x27A, Param3: 0x27A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E39 65A5246F000E87FDE2A065FD89D4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x294. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x294, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x1ED, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CR Ls\A377D1B1C0538833035211F4083D00FECC414DAB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x1ED, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CR Ls\A377D1B1C0538833035211F4083D00FECC414DAB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x1ED, Param3: 0x1ED, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C05388330352 11F4083D00FECC414DAB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x294. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x294, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x294. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Policies\Microsoft\SystemCertificates\CA. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x294, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOF TWARE\Policies\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x294. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x294, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x294. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x294, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x294. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\CA. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\CA. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x298, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298: \REGISTRY\MACHINE\SOF TWARE\Microsoft\EnterpriseCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x298: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x298: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x298, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x298: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x298: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x298, Path: \REGIST

RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x298: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x298: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x298, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x29C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x29C: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Di sallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x29C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x29C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x29C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x29C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x

B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x29C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x29C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x29C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x29C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x29C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x29C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x29C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A0, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A0: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertif icates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A0, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x

B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A0, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A4, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6D8, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1916 A2AF346D399F50313C393200F14140456616.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2B84 BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6EC, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\305F 8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\367D 4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4.

0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x55C, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\40AA 38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x670, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\43D9 BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\471C 949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4BB, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\51C3 247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x77C, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5DE8 3EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x7D1, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6179 3FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x94A, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6371 62CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000

0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\63FE AE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E2, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6431 723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x95C, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F 4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8096 2AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8.

0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\86E8 17C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x602, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8E5B D50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x64A, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\9845 A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name:

Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x54F, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B533 345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B86E 791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x65E, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\C060 ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x15, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E0, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CEA5 86B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x16, Param

2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\D018 B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x17, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x50D, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F8A5 4E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A4, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A4, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par

am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A4, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificate s. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOF TWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A4, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A4, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8: \REGISTRY\MACHINE\SOF TWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A8: \REGISTRY\MACHINE\SOFTW

ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Root. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Root. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2AC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2AC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B0, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Ro

ot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B0, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B0, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtQuerySecurityObject succeeded. Status: 0x0, Param1: 0x14 , Param2: 0x400, Param3: 0x84, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\ USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCert ificates\Root\ProtectedRoots. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Name: Certificates, Path: 0x2B4 : \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsof t\SystemCertificates\Root\ProtectedRoots. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Name: Certificates, Path: 0x2B4 : \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsof t\SystemCertificates\Root\ProtectedRoots. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\Root. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\Root. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x3C4, Param3: 0x3C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3 090203FD5BAA2F861A754976C8DD25. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x397, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x397, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x397, Param3: 0x397, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF75 14E7CF2DF8BE72AE957B9E04741E85. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4D8, Param4: 0x0, Param5: 0x0, Name:

Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4D8, Param3: 0x4D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223 F3C813818C994614A89C99FA3B5247. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x500, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x500, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x500, Param3: 0x500, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A 520F0D93D032CCAF37E7FE20A8B419. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x3A3, Param3: 0x3A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562F B2EE05DBB3D32323ADF445084ED656. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6A3, Param3: 0x6A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE60

00AC7F40C3802C171E30148030C072. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\AuthRoot. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B4, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5C8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\02FAF3E291435468607857694DF5E45B68851868. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5C8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\02FAF3E291435468607857694DF5E45B68851868. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5C8, Param3: 0x5C8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3 E291435468607857694DF5E45B68851868. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5E4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5E4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5E4, Param3: 0x5E4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BA E63F1801E277261BA0D77770028F20EEE4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x477, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x477, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x477, Param3: 0x477, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2A D07F2B335EF5A1C34E4B57E8B7D8F1FCA6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x572, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\3921C115C15D0ECA5CCB5BC4F07D21D8050B566A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x572, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\3921C115C15D0ECA5CCB5BC4F07D21D8050B566A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x572, Param3: 0x572, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3921C1 15C15D0ECA5CCB5BC4F07D21D8050B566A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x654, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000

0005, Param1: 0x2, Param2: 0x90, Param3: 0x654, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x654, Param3: 0x654, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D5 78499B1CCF5F581EAD56BE3D9B6744A5E5. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x389, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x389, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x389, Param3: 0x389, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F6556 6336DB6598581D584A596C87934D5F2AB4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5C4, Param3: 0x5C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006 091D97D4F5AE39F7CBE7927D7D652D3431. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5A8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\58119F0E128287EA50FDD987456F4F78DCFAD6D4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5A8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\58119F0E128287EA50FDD987456F4F78DCFAD6D4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5A8, Param3: 0x5A8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\58119F 0E128287EA50FDD987456F4F78DCFAD6D4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8.

0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x48C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x48C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x48C, Param3: 0x48C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D 7827656399D27D7F9044C9FEB3F33EFA9A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x44F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\69BD8CF49CD300FB592E1793CA556AF3ECAA35FB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x44F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\69BD8CF49CD300FB592E1793CA556AF3ECAA35FB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x44F, Param3: 0x44F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\69BD8C F49CD300FB592E1793CA556AF3ECAA35FB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x410, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x410, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x410, Param3: 0x410, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C31 92E607E424EB4549542BE1BBC53E6174E2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name:

Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x436, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371C A6E550143DCE2803471BDE3A09E8F8770F. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x581, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x581, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x581, Param3: 0x581, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6 EE3E8AC86384E548C299295C756C817B81. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3FA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\97817950D81C9670CC34D809CF794431367EF474. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3FA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\97817950D81C9670CC34D809CF794431367EF474. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x3FA, Param3: 0x3FA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\978179 50D81C9670CC34D809CF794431367EF474. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x436, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E9 9636A547554F838FBA38B82E74F89A830A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2

: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x66E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\99A69BE61AFE886B4D2B82007CB854FC317E1539. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x66E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\99A69BE61AFE886B4D2B82007CB854FC317E1539. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x66E, Param3: 0x66E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\99A69B E61AFE886B4D2B82007CB854FC317E1539. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x536, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x536, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x536, Param3: 0x536, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC96 8BD4F49D622AA89A81F2150152A41D829C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x479, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\D23209AD23D314232174E40D7F9D62139786633A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x479, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\D23209AD23D314232174E40D7F9D62139786633A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x479, Param3: 0x479, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209 AD23D314232174E40D7F9D62139786633A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4A6, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4A6, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR

oot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4A6, Param3: 0x4A6, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4 A4FFE5B92FA3C503D1A349A7F9962A8212. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4AA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\E0AB059420725493056062023670F7CD2EFC6666. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4AA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\E0AB059420725493056062023670F7CD2EFC6666. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4AA, Param3: 0x4AA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E0AB05 9420725493056062023670F7CD2EFC6666. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5B0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5B0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5B0, Param3: 0x5B0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB 4B41D7D9C32B30514BAC1D81D8385E2D46. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B4, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B4, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\CTLs.

0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Policies\Microsoft\SystemCertificates\Root. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B4, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOF TWARE\Policies\Microsoft\SystemCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B4, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B4, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\Root. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\Root. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B8, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2:

0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8: \REGISTRY\MACHINE\SOF TWARE\Microsoft\EnterpriseCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B8, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B8, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2BC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2BC: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2BC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2BC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2BC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2BC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2BC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2BC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2BC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2BC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2BC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2BC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2BC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2BC, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\SmartCardRoot. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\SmartCardRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Sm artCardRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\SmartCardRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\SmartCardRoot\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar

tCardRoot\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2BC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2BC, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\TrustedPeople. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2BC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2BC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\TrustedPeople. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2BC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Tr ustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x

B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\TrustedPeople. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C8: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertif icates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2CC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2CC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2CC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2CC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2CC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2CC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2CC, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certific ates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOF TWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2CC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2CC, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2CC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2CC, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2CC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D0: \REGISTRY\MACHINE\SOF TWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x

B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D0, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\trust. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\trust. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D4: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\tr

ust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\trust. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D8: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertif icates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific

ates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\trust. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\trust. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2DC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2DC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par

am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2DC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2DC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2DC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2DC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Policies\Microsoft\SystemCertificates\trust. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2DC, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOF TWARE\Policies\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2DC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2DC, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2DC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2DC, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\CTLs.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2DC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\trust. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\trust. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2E0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E0: \REGISTRY\MACHINE\SOF TWARE\Microsoft\EnterpriseCertificates\Trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2E0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2E0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2AC: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificat es\Root. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x2, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \Certificates.

0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E8. 0x0A10: SUCCESS: New_NtQuerySecurityObject succeeded. Status: 0x0, Param1: 0x14 , Param2: 0x400, Param3: 0x84, Param4: 0x0, Param5: 0x0, Path: 0x2EC: \REGISTRY\ USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCert ificates\Root\ProtectedRoots. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Name: Certificates, Path: 0x2EC : \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsof t\SystemCertificates\Root\ProtectedRoots. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Name: Certificates, Path: 0x2EC : \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsof t\SystemCertificates\Root\ProtectedRoots. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2EC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E8. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x280: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\ROOT. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x3, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3C4, Param4: 0x0, Param5: 0x0, Name:

Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x3C4, Param3: 0x3C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3 090203FD5BAA2F861A754976C8DD25. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x397, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x397, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x397, Param3: 0x397, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF75 14E7CF2DF8BE72AE957B9E04741E85. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4D8, Param3: 0x4D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223 F3C813818C994614A89C99FA3B5247. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x500, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x500, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x500, Param3: 0x500, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A

520F0D93D032CCAF37E7FE20A8B419. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x3A3, Param3: 0x3A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562F B2EE05DBB3D32323ADF445084ED656. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6A3, Param3: 0x6A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE60 00AC7F40C3802C171E30148030C072. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F0. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\AuthRoot. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x4, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: .

0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5C8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\02FAF3E291435468607857694DF5E45B68851868. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5C8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\02FAF3E291435468607857694DF5E45B68851868. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5C8, Param3: 0x5C8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3 E291435468607857694DF5E45B68851868. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5E4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5E4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5E4, Param3: 0x5E4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BA E63F1801E277261BA0D77770028F20EEE4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x477, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x477, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x477, Param3: 0x477, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2A D07F2B335EF5A1C34E4B57E8B7D8F1FCA6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates.

0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x572, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\3921C115C15D0ECA5CCB5BC4F07D21D8050B566A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x572, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\3921C115C15D0ECA5CCB5BC4F07D21D8050B566A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x572, Param3: 0x572, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3921C1 15C15D0ECA5CCB5BC4F07D21D8050B566A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x654, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x654, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x654, Param3: 0x654, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D5 78499B1CCF5F581EAD56BE3D9B6744A5E5. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x389, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x389, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x389, Param3: 0x389, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F6556 6336DB6598581D584A596C87934D5F2AB4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param

2: 0x5C4, Param3: 0x5C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006 091D97D4F5AE39F7CBE7927D7D652D3431. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5A8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\58119F0E128287EA50FDD987456F4F78DCFAD6D4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5A8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\58119F0E128287EA50FDD987456F4F78DCFAD6D4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5A8, Param3: 0x5A8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\58119F 0E128287EA50FDD987456F4F78DCFAD6D4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x48C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x48C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x48C, Param3: 0x48C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D 7827656399D27D7F9044C9FEB3F33EFA9A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x44F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\69BD8CF49CD300FB592E1793CA556AF3ECAA35FB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x44F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\69BD8CF49CD300FB592E1793CA556AF3ECAA35FB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x44F, Param3: 0x44F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\69BD8C F49CD300FB592E1793CA556AF3ECAA35FB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000

0005, Param1: 0x2, Param2: 0x90, Param3: 0x410, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x410, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x410, Param3: 0x410, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C31 92E607E424EB4549542BE1BBC53E6174E2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x436, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371C A6E550143DCE2803471BDE3A09E8F8770F. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x581, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x581, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x581, Param3: 0x581, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6 EE3E8AC86384E548C299295C756C817B81. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3FA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\97817950D81C9670CC34D809CF794431367EF474. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3FA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\97817950D81C9670CC34D809CF794431367EF474. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x3FA, Param3: 0x3FA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG

ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\978179 50D81C9670CC34D809CF794431367EF474. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x436, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E9 9636A547554F838FBA38B82E74F89A830A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x66E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\99A69BE61AFE886B4D2B82007CB854FC317E1539. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x66E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\99A69BE61AFE886B4D2B82007CB854FC317E1539. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x66E, Param3: 0x66E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\99A69B E61AFE886B4D2B82007CB854FC317E1539. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x536, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x536, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x536, Param3: 0x536, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC96 8BD4F49D622AA89A81F2150152A41D829C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x479, Param4: 0x0, Param5: 0x0, Name:

Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\D23209AD23D314232174E40D7F9D62139786633A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x479, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\D23209AD23D314232174E40D7F9D62139786633A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x479, Param3: 0x479, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209 AD23D314232174E40D7F9D62139786633A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4A6, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4A6, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4A6, Param3: 0x4A6, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4 A4FFE5B92FA3C503D1A349A7F9962A8212. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4AA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\E0AB059420725493056062023670F7CD2EFC6666. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4AA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\E0AB059420725493056062023670F7CD2EFC6666. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4AA, Param3: 0x4AA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E0AB05 9420725493056062023670F7CD2EFC6666. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5B0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5B0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5B0, Param3: 0x5B0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB

4B41D7D9C32B30514BAC1D81D8385E2D46. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F8. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\GPAPI.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\GPAPI.d ll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\GPAPI.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x304, Path: \??\C:\W indows\system32\GPAPI.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x308, Path: 0x 304: \Device\HarddiskVolume1\Windows\SysWOW64\gpapi.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x739A0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x16000, Path: 0x308: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x308: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x308. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x304. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: UserenvDebugLevel, Path: 0x304: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mi crosoft\Windows NT\CurrentVersion\Winlogon. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x304. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: GpSvcDebugLevel, Path: 0x304: \REGISTRY\MACHINE\SOFTWARE\Policies\Microso ft\Windows\System. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x304. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x304. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MaxRpcSize, Path: 0x304: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Rpc. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x304. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path:

\Registry\Machine\Software\Policies\Microsoft\SQMClient\Windows. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20119, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x310, Path: \Registry\M achine\Software\Microsoft\SQMClient\Windows. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x14, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: CEIPEnable, Path: 0x310: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SQMClient\Windows. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x14, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: CEIPSampledIn, Path: 0x31 0: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SQMClient\Windows. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x310. 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x2, OutHandle: 0x31C, Path: 0xFFFFFFFE: . 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x2C, Param4: 0x0, Param5: 0x0, Name: SQMServiceList, Path: 0x3 24: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SQMServiceList. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x324. 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x6, OutHandle: 0x32C, Path: 0x328: . 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x6, OutHandle: 0x33C, Path: 0x338: . 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x5, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x6, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: SystemSetupInProgress, Pa th: 0x344: \REGISTRY\MACHINE\SYSTEM\Setup. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x344. 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x2, OutHandle: 0x344, Path: 0x300: . 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x7, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x354: \REGISTRY\MACHIN E\SOFTWARE\Policies\Microsoft\SystemCertificates. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x8, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x35C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x35C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x35C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x35C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x35C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x35C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x35C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x35C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x35C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x358. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\EnterpriseCertificates\Root. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x9, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x360: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x360: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x360. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x360: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x360: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x360. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x360: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x360: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x360. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2B8: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0xA, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x368: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x368: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x368. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x368: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x368: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x368. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x368: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x368: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x368. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2C0: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificat es\SmartCardRoot. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0xB, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x370: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x370: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x370. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x370: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x370: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x370. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x370: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x370: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x370. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2D0: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificat es\trust. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0xC, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x378: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x378: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x378. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x378: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x378: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x378. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x378: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x378: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x378. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: UserenvDebugLevel, Path: 0x384: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mi crosoft\Windows NT\CurrentVersion\Winlogon. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x384. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: GpSvcDebugLevel, Path: 0x384: \REGISTRY\MACHINE\SOFTWARE\Policies\Microso ft\Windows\System. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x384. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x384. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: SystemSetupInProgress, Pa th: 0x384: \REGISTRY\MACHINE\SYSTEM\Setup. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x384. 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x2, OutHandle: 0x384, Path: 0x380: . 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0xD, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x38C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x38C. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x390: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemC ertificates. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0xE, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x394: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x394: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific

ates\trust\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x394. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x394: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x394: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x394. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x394: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x394: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x394. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x38C. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2D8: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\trust. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0xF, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x398: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x398: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x398. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x398: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x398: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x398. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x398: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x398: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x398. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\Certificates.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3A0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3A0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3A0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x39C. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\EnterpriseCertificates\Trust. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x10, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3A4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3A4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3A4. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificat es\CA. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x11, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C ertificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x

B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C ertificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1 -5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates \CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\3ADD0E7EA2B284FF459E137365 B482D188DFBF8A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\3ADD0E7EA2B284FF459E137365 B482D188DFBF8A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REG ISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Syst emCertificates\CA\Certificates\3ADD0E7EA2B284FF459E137365B482D188DFBF8A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B0. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1 -5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates \CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x72A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\4A8A2A0E276FF33B5DD88A3621 46010F2A8B6AEE. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x72A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\4A8A2A0E276FF33B5DD88A3621 46010F2A8B6AEE. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x72A, Param3: 0x72A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REG ISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Syst emCertificates\CA\Certificates\4A8A2A0E276FF33B5DD88A362146010F2A8B6AEE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B0. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1 -5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates \CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x556, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\867539A26C81FA2D78277C3ADF DB304312535E57. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x556, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\867539A26C81FA2D78277C3ADF DB304312535E57. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x556, Param3: 0x556, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REG ISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Syst

emCertificates\CA\Certificates\867539A26C81FA2D78277C3ADFDB304312535E57. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B0. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1 -5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates \CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\E5958D48FE10D7340311E8C03B B22940DABA2DA3. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\E5958D48FE10D7340311E8C03B B22940DABA2DA3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5E2, Param3: 0x5E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REG ISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Syst emCertificates\CA\Certificates\E5958D48FE10D7340311E8C03BB22940DABA2DA3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3AC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C RLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C RLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3AC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C TLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C TLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3AC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x

B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B0. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x290: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\CA. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x12, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x487, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\109F1CAED645BB78B3EA2B94C0697C740733031C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x487, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\109F1CAED645BB78B3EA2B94C0697C740733031C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x487, Param3: 0x487, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645 BB78B3EA2B94C0697C740733031C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3BC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x453, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x453, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x453, Param3: 0x453, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B 08F46A30A133F8A9ED3D038E2EA8.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3BC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x27A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x27A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x27A, Param3: 0x27A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E39 65A5246F000E87FDE2A065FD89D4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3BC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x1ED, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CR Ls\A377D1B1C0538833035211F4083D00FECC414DAB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x1ED, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CR Ls\A377D1B1C0538833035211F4083D00FECC414DAB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x1ED, Param3: 0x1ED, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C05388330352 11F4083D00FECC414DAB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3BC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\Certificates.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3C0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3C0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3C0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3BC. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\EnterpriseCertificates\CA. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x13, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3C4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3C4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3C4. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4001, Param4: 0x0, Param5: 0x0, OutHandle: 0x3C8, Path: \??\C: \Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My. 0x0A10: SUCCESS: New_NtNotifyChangeDirectoryFile succeeded. Status: 0x103, Para m1: 0x20, Param2: 0x1B, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x3C8: \Dev ice\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x14, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3CC, Path: \??\C: \Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\.

0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x60, Param4: 0x1, Param5: 0x0, Name: *, Path: 0x3CC: \De vice\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\ Certificates. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x1000, Param3: 0x116, Param4: 0x0, Param5: 0x0, Path: 0x3CC: \Device\Ha rddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certifi cates. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3D0, Path: \?? \C:\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\C19B E8CB79A3CA2F7057F7DA1EF5AF0602599CC4. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3D0: \Device\Har ddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certific ates\C19BE8CB79A3CA2F7057F7DA1EF5AF0602599CC4. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 338, Param3: 0x338, Param4: 0x0, Param5: 0x0, Path: 0x3D0: \Device\HarddiskVolum e1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\C19BE 8CB79A3CA2F7057F7DA1EF5AF0602599CC4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3D0. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3CC: \Device\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\System Certificates\My\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3CC. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3CC, Path: \??\C: \Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x60, Param4: 0x1, Param5: 0x0, Name: *, Path: 0x3CC: \De vice\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\ CRLs. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x1000, Param3: 0x62, Param4: 0x0, Param5: 0x0, Path: 0x3CC: \Device\Har ddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3CC: \Device\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\System Certificates\My\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3CC. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3CC, Path: \??\C: \Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x60, Param4: 0x1, Param5: 0x0, Name: *, Path: 0x3CC: \De vice\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\ CTLs. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x1000, Param3: 0x62, Param4: 0x0, Param5: 0x0, Path: 0x3CC: \Device\Har ddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3CC: \Device\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\System Certificates\My\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3CC.

0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x298: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificat es\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x15, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3D4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3D4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3D4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3DC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3DC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3DC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3DC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3DC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3DC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3DC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs.

0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3DC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3DC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3D8. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2A0: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x16, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6D8, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1916 A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2B84 BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6.

0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6EC, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\305F 8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\367D 4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x55C, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\40AA 38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x670, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\43D9 BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\471C 949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4BB, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\51C3 247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x77C, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5DE8 3EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000

0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x7D1, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6179 3FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x94A, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6371 62CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\63FE AE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E2, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6431 723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4.

0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x95C, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F 4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8096 2AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\86E8 17C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name:

Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x602, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8E5B D50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x64A, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\9845 A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x54F, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B533 345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B86E 791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param

2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x65E, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\C060 ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x15, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E0, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CEA5 86B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x16, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\D018 B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x17, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal

lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x50D, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F8A5 4E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E8: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E8: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E8: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E8: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E8: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E8: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x17, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3EC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x

B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3EC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3EC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3EC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3EC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3EC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3EC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3EC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3EC. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2BC: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificat es\TrustedPeople. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x18, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3F4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3F4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3F4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3F4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3F4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3F4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3FC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\Certificates.

0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3FC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3FC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3FC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3FC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3FC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3FC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3FC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3FC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F8. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2C8: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x19, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x404: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x404: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x404. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x404: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x404: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x404. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x404: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x404: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x404. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x40C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates.

0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x40C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x40C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x40C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x40C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x40C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x40C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x40C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x40C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x408. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1A, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x410: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x410: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x410. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x410: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x410: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x410. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x410: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x410: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x410. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x278: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateCha inEngine\Config. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1B, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x414: \REGISTRY\MACHINE\

SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x418. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x414: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x1E, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyRevo cation. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x420: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyRevocatio n\DEFAULT. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3C, Param5: 0x0, Path: 0x420: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerify Revocation\DEFAULT. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x41C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encoding Type 1\CertDllVerifyRevocation. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x418. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x414: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x414. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\cryptnet.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\cryptne t.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\cryptnet.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x414, Path: \??\C:\W indows\system32\cryptnet.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x418, Path: 0x 414: \Device\HarddiskVolume1\Windows\SysWOW64\cryptnet.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x73980 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1C000, Path: 0x418: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x418: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x418. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x414. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x414, Path: \KnownDlls3 2\WLDAP32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x76750 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x45000, Path: 0x414: \Known

Dlls32\WLDAP32.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x414: \KnownDlls32\WLDAP32. dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x414. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: LdapClientIntegrity, Path : 0x41C: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\LDAP. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: UseOldHostResolutionOrder, Path: 0x41C: \REGISTRY\MACHINE\SYSTEM\ControlS et001\services\LDAP. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: UseHostnameAsAlias, Path: 0x41C: \REGISTRY\MACHINE\SYSTEM\ControlSet001\s ervices\LDAP. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x41C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x41C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DebugFlags, Path: 0x41C: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ crypt32. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x41C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x41C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x42 0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x42 0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x424: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x424: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\LocalLow. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x20000, Param2 : 0x7, Param3: 0x200000, Param4: 0x0, Param5: 0x0, OutHandle: 0x420, Path: \??\C :\Users\MarK\AppData\LocalLow. 0x0A10: SUCCESS: New_NtQuerySecurityObject succeeded. Status: 0x0, Param1: 0x10 , Param2: 0x400, Param3: 0x30, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Ha rddiskVolume1\Users\MarK\AppData\LocalLow. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x41C, Path: \?? \C:\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0 A46932B0E5948949F2A5. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x420, Path: \?? \C:\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A 46932B0E5948949F2A5. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\Har ddiskVolume1\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E 31627FDA0A46932B0E5948949F2A5. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\HarddiskVolume1\U sers\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A4693 2B0E5948949F2A5. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 6C, Param3: 0x6C, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\HarddiskVolume1 \Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46 932B0E5948949F2A5. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 72, Param3: 0x72, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\HarddiskVolume1 \Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46 932B0E5948949F2A5. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 382, Param3: 0x382, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolum e1\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A4 6932B0E5948949F2A5. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: CryptnetCachedOcspSwitchToCrlCount, Path: 0x41C: \REGISTRY\MACHINE\SOFTWA RE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine \Config. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: CryptnetMaxCachedOcspPerCrlCount, Path: 0x41C: \REGISTRY\MACHINE\SOFTWARE \Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\C onfig. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x42 0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x42 0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x424: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x424: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\LocalLow. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x20000, Param2 : 0x7, Param3: 0x200000, Param4: 0x0, Param5: 0x0, OutHandle: 0x420, Path: \??\C :\Users\MarK\AppData\LocalLow. 0x0A10: SUCCESS: New_NtQuerySecurityObject succeeded. Status: 0x0, Param1: 0x10 , Param2: 0x400, Param3: 0x30, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Ha rddiskVolume1\Users\MarK\AppData\LocalLow. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x41C, Path: \??\C: \Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0xE0, Param4: 0x1, Param5: 0x0, Name: 3C3948BE6E525B8A8CE E9FAC91C9E392_*, Path: 0x41C: \Device\HarddiskVolume1\Users\MarK\AppData\LocalLo w\Microsoft\CryptnetUrlCache\MetaData. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x1000, Param3: 0x2A0, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\Ha rddiskVolume1\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x41C: \Device\HarddiskVolume1\Users\MarK\AppData\LocalLow\Microsoft\Crypt netUrlCache\MetaData. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x42 0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x42 0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x424: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x424: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\LocalLow. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x20000, Param2 : 0x7, Param3: 0x200000, Param4: 0x0, Param5: 0x0, OutHandle: 0x420, Path: \??\C :\Users\MarK\AppData\LocalLow. 0x0A10: SUCCESS: New_NtQuerySecurityObject succeeded. Status: 0x0, Param1: 0x10 , Param2: 0x400, Param3: 0x30, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Ha rddiskVolume1\Users\MarK\AppData\LocalLow. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x41C, Path: \?? \C:\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E52 5B8A8CEE9FAC91C9E392_F3E5577AABDCA3C2DEE674E5F9C7D511. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x420, Path: \?? \C:\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525 B8A8CEE9FAC91C9E392_F3E5577AABDCA3C2DEE674E5F9C7D511. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\Har ddiskVolume1\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3 948BE6E525B8A8CEE9FAC91C9E392_F3E5577AABDCA3C2DEE674E5F9C7D511. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\HarddiskVolume1\U sers\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525B8A8 CEE9FAC91C9E392_F3E5577AABDCA3C2DEE674E5F9C7D511. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 6C, Param3: 0x6C, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\HarddiskVolume1 \Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525B8 A8CEE9FAC91C9E392_F3E5577AABDCA3C2DEE674E5F9C7D511. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 134, Param3: 0x134, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\HarddiskVolum e1\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525 B8A8CEE9FAC91C9E392_F3E5577AABDCA3C2DEE674E5F9C7D511. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 69D, Param3: 0x69D, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolum e1\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B 8A8CEE9FAC91C9E392_F3E5577AABDCA3C2DEE674E5F9C7D511. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: CryptnetPreFetchMinMaxAgeSeconds, Path: 0x41C: \REGISTRY\MACHINE\SOFTWARE \Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\C onfig. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: CryptnetPreFetchMaxMaxAgeSeconds, Path: 0x41C: \REGISTRY\MACHINE\SOFTWARE \Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\C onfig. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\SensApi.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00

00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SensApi .dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\SensApi.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x41C, Path: \??\C:\W indows\system32\SensApi.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x420, Path: 0x 41C: \Device\HarddiskVolume1\Windows\SysWOW64\SensApi.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6CF20 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6000, Path: 0x420: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \Sessions\1\BaseNamedObjects\SENS Information Cache. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x42 4: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x42 4: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x428: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x428: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\LocalLow. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x20000, Param2 : 0x7, Param3: 0x200000, Param4: 0x0, Param5: 0x0, OutHandle: 0x424, Path: \??\C :\Users\MarK\AppData\LocalLow. 0x0A10: SUCCESS: New_NtQuerySecurityObject succeeded. Status: 0x0, Param1: 0x10 , Param2: 0x400, Param3: 0x30, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\Ha rddiskVolume1\Users\MarK\AppData\LocalLow. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x420, Path: \??

\C:\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B 3142E455B38A6EB92015. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x424, Path: \?? \C:\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3 142E455B38A6EB92015. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Har ddiskVolume1\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\943 08059B57B3142E455B38A6EB92015. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolume1\U sers\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E 455B38A6EB92015. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 6C, Param3: 0x6C, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolume1 \Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B314 2E455B38A6EB92015. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x E6, Param3: 0xE6, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolume1 \Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B314 2E455B38A6EB92015. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x B852, Param3: 0xB852, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVol ume1\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B 3142E455B38A6EB92015. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Temp. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x0, Param4: 0x2, Param5: 0x60, OutHandle: 0x420, Path: \?? \C:\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Temp. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x0, Param4: 0x2, Param5: 0x60, OutHandle: 0x420, Path: \?? \C:\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x40100080, P aram2: 0x0, Param3: 0x0, Param4: 0x5, Param5: 0x60, OutHandle: 0x420, Path: \??\ C:\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xB852, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: SystemSetupInProgress, Pa th: 0x420: \REGISTRY\MACHINE\SYSTEM\Setup. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P

ath: \KnownDlls32\Cabinet.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Cabinet .dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\Cabinet.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x420, Path: \??\C:\W indows\system32\Cabinet.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x424, Path: 0x 420: \Device\HarddiskVolume1\Windows\SysWOW64\cabinet.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x70320 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x15000, Path: 0x424: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\system32\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Temp\. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x420, Path: \??\ C:\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x424, Path: \??\ C:\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 24, Param3: 0x24, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolume1 \Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0xE , Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Hardd iskVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\DEVRTL.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\DEVRTL. dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\DEVRTL.dll.

0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \??\C:\W indows\system32\DEVRTL.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x42C, Path: 0x 428: \Device\HarddiskVolume1\Windows\SysWOW64\devrtl.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74080 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xE000, Path: 0x42C: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x42C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x42C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\INF\. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: LogLevel, Path: 0x428: \R EGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LogMask, Path: 0x428: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\Curren tVersion\Setup. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LogMaxFileSize, Path: 0x428: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Setup. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0xE , Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Hardd iskVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 10, Param3: 0x10, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolume1 \Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0xE , Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Hardd iskVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 100, Param3: 0x100, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0xC0100080, P aram2: 0x80, Param3: 0x3, Param4: 0x5, Param5: 0x60, OutHandle: 0x428, Path: \?? \C:\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVolume1\U sers\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp.

0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVolume1\U sers\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 3912, Param3: 0x3912, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVol ume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x8000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVolume1\U sers\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 31B8, Param3: 0x31B8, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVol ume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x8000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVolume1\U sers\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 31B4, Param3: 0x31B4, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVol ume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x8000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVolume1\U sers\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1B6B, Param3: 0x1B6B, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVol ume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2F93, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0x4, Param2: 0x28, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428: \Device\Harddi skVolume1\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0xE , Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Hardd iskVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x3, Param4: 0x1, Param5: 0x60, OutHandle: 0x424, Path: \??\ C:\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1AF93, Param3: 0x1AF93, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskV olume1\Users\MarK\AppData\Local\Temp\TarEFF.tmp.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x10080, Param2 : 0x7, Param3: 0x204040, Param4: 0x0, Param5: 0x0, OutHandle: 0x424, Path: \??\C :\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x2 3, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\Hard diskVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xD, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x10080, Param2 : 0x7, Param3: 0x204040, Param4: 0x0, Param5: 0x0, OutHandle: 0x424, Path: \??\C :\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x2 3, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\Hard diskVolume1\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xD, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x424: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x424: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x424: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x428: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certific ate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x3E, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x428: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cer tificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x428: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPol icy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x34, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x428: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Fin

alPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x428: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initiali zation\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x428: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Ini tialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x428: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\ {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x32, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x428: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Mes sage\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x428: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signatur e\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x36, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x428: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Sig nature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x428: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertChec k\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x2E, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x428: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cer tCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x428: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\ {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x2A, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x428: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cle anup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x0, Param1: 0 x2, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214: . 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\LevelObjects. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \Registry\Machi ne\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers.

0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Levels, Path: 0x428: \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Window s\safer\codeidentifiers. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\P aths. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\H ashes. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\U rlZones. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\409 6\Paths. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\409 6\Hashes. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\409 6\UrlZones. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\655 36\Paths. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\655 36\Hashes. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\655 36\UrlZones. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131 072\Paths. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131 072\Hashes. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131 072\UrlZones. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262 144\Paths. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262 144\Hashes. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262 144\UrlZones. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\0\Paths. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \Registry\M achine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DefaultLevel, Path: 0x428: \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\ Windows\safer\codeidentifiers. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \Registry\M achine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: SaferFlags, Path: 0x428: \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Wi ndows\safer\codeidentifiers. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x42C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x42C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x42C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x42C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x42C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x42C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x430, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC

ertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Di sallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x430: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x430: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x430, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x430: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x430: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x430, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x430: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x430: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertif

icates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x

B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6D8, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1916 A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2B84 BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6EC, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\305F 8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000

0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\367D 4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x55C, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\40AA 38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x670, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\43D9 BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG

ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\471C 949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4BB, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\51C3 247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x77C, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5DE8 3EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x7D1, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6179 3FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name:

Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x94A, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6371 62CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\63FE AE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E2, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6431 723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x95C, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F

4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8096 2AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\86E8 17C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x602, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8E5B D50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal

lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x64A, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\9845 A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x54F, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B533 345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B86E 791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x65E, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\C060 ED44CBD881BD0EF86C0BA287DDCF8167478C.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x15, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E0, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CEA5 86B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x16, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\D018 B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x17, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x50D, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F8A5 4E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW

ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \REGIST RY\MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificate s. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOF TWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x43C, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C: \REGISTRY\MACHINE\SOF TWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x43C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x43C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x43C, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x43C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x43C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x43C, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x43C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x43C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x42C: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificat es\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1C, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x444: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x444: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa

llowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x444. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x444: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x444: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x444. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x444: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x444: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x444. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1D, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: .

0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6D8, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1916 A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2B84 BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6EC, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\305F 8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates.

0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\367D 4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x55C, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\40AA 38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x670, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\43D9 BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param

2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\471C 949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4BB, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\51C3 247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x77C, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5DE8 3EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x7D1, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6179 3FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000

0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x94A, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6371 62CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\63FE AE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E2, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6431 723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x95C, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG

ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F 4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8096 2AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\86E8 17C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x602, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8E5B D50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name:

Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x64A, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\9845 A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x54F, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B533 345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B86E 791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x65E, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\C060

ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x15, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E0, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CEA5 86B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x16, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\D018 B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x17, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x50D, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F8A5 4E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x

B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x458: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x458: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x458: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x458: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x458: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x458: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1E, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x

B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1F, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1E, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x444. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1D, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x440. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x42C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\system32\rpcss.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\system32\rpcss.dll. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0008, Param2: 0x30, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x69400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xDF000, Path: 0x42C: . 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0008, Param2: 0x30, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: \Device\ KsecDD. 0x0A10: INFO: Call to New_QueryActCtxW made: Flags: 0x0, ActCtx: 0x0, InfoCla

ss: 0x2, Ret: 0x0. 0x1174: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: Call to New_QueryActCtxW made: Flags: 0x0, ActCtx: 0x0, InfoCla ss: 0x2, Ret: 0x1. 0x0A10: INFO: Call to New_QueryActCtxW made: Flags: 0x0, ActCtx: 0x0, InfoCla ss: 0x2, Ret: 0x0. 0x1174: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: Call to New_QueryActCtxW made: Flags: 0x0, ActCtx: 0x0, InfoCla ss: 0x2, Ret: 0x1. 0x1174: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0008, Param2: 0x30, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x430, Path: \??\ C:\Windows\system32\l_intl.nls. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x430: \Device\Har ddiskVolume1\Windows\SysWOW64\l_intl.nls. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x448, Path: 0x430. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x1CE00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3000, Path: 0x448: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Mi crosoft.NET\Framework\v4.0.30319. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Category, Path: 0x448: \R EGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\F olderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x18, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x448: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Folde rDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5A, Param4: 0x0, Param5: 0x0, Name: ParentFolder, Path: 0x448 : \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explor er\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Description, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsof t\Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-60 07CAEDCF9D}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x62, Param4: 0x0, Param5: 0x0, Name: RelativePath, Path: 0x448

: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explor er\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ParsingName, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsof t\Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-60 07CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: InfoTip, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Wi ndows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CA EDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LocalizedName, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micros oft\Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA856007CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Icon, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windo ws\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDC F9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Security, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\W indows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007C AEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: StreamResource, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micro soft\Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85 -6007CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: StreamResourceType, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M icrosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251BA85-6007CAEDCF9D}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: LocalRedirectOnly, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\e xplorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Roamable, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\W indows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007C AEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreCreate, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007 CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Stream, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Win dows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAE DCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PublishExpandedPath, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\ Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251 -BA85-6007CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Attributes, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft \Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-600 7CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FolderTypeID, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microso ft\Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6 007CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: InitFolderHandler, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mi

crosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-B A85-6007CAEDCF9D}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x9A, Param4: 0x0, Param5: 0x0, Name: C ache, Path: 0x430: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x9A, Param4: 0x0, Param5: 0x0, Name: C ache, Path: 0x430: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x9A, Param3: 0x9A, Param4: 0x0, Param5: 0x0, Name: Cache, Path: 0x430: \REGI STRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Windo ws\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Microsoft\Windows\Temporary Internet Files. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.config. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Fi les (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: LatestIndex, Path: 0x430: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Type, Path: 0x430: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Micros oft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x430: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x430: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x430: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param

2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x430: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Windows \CurrentVersion\WinTrust\Trust Providers\Software Publishing. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: State, Path: 0x448: \REGI STRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Windo ws\CurrentVersion\WinTrust\Trust Providers\Software Publishing. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x18, Param4: 0x0, Param5: 0x0, Name: Safety Warning Level, Pat h: 0x430: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\ Microsoft\Internet Explorer\Security. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F4DA0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F4DA0: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu

res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6A200 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA00000, Path: 0x37F1C68: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE. exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6A20000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F4DA0: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6A200 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA00000, Path: 0x37F1C68: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE. exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3E300 00, Param2: 0x0, Param3: 0x0, Param4: 0x11B0000, Param5: 0x4000, Path: 0x37F1C68 : \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\S AFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3E30000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6A20000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F4DA0: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6A200 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA00000, Path: 0x37F1C68: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE. exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3E300 00, Param2: 0x0, Param3: 0x0, Param4: 0x11B0000, Param5: 0x4000, Path: 0x37F1C68 : \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\S AFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3E30000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0.

0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6A20000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: New_NtDeviceIoControlFile reports insufficient buffer. Status: 0x80000005, Param1: 0x390402, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0 , Name: , Path: 0x270: \Device\KsecDD. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0402, Param2: 0xD8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F4DA0: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6A200 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA00000, Path: 0x37F1C68: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE. exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74200 00, Param2: 0x0, Param3: 0x0, Param4: 0xA00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7420000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74200 00, Param2: 0x0, Param3: 0x0, Param4: 0xB00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7420000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74200 00, Param2: 0x0, Param3: 0x0, Param4: 0xC00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7420000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74200 00, Param2: 0x0, Param3: 0x0, Param4: 0xD00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7420000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74200 00, Param2: 0x0, Param3: 0x0, Param4: 0xE00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7420000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74200

00, Param2: 0x0, Param3: 0x0, Param4: 0xF00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7420000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74200 00, Param2: 0x0, Param3: 0x0, Param4: 0x1000000, Param5: 0x100000, Path: 0x37F1C 68: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12 \SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7420000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74200 00, Param2: 0x0, Param3: 0x0, Param4: 0x1100000, Param5: 0xB4000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7420000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6A20000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x44C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Di sallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x

B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x44C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x44C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x450, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertif icates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x450, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x450, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x454, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name:

Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6D8, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1916 A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2B84 BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6EC, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\305F 8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\367D

4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x55C, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\40AA 38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x670, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\43D9 BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\471C 949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal

lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4BB, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\51C3 247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x77C, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5DE8 3EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x7D1, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6179 3FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x94A, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6371 62CC59A3A1E25956FA5FA8F60D2E1C52EAC6.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\63FE AE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E2, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6431 723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x95C, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F 4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF.

0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8096 2AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\86E8 17C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x602, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8E5B D50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x64A, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\9845 A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x54F, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B533 345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B86E 791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x65E, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\C060 ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x15, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000

0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E0, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CEA5 86B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x16, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\D018 B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x17, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x50D, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F8A5 4E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x454, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x454, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x

B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGIST RY\MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x454, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificate s. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOF TWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x454, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x454, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par

am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOF TWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificat es\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1C, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa

llowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x464: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x464: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x464. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x464: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x464: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x464. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x464: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x464: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x464. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x460. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1D, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000

0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6D8, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1916 A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2B84 BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6EC, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\305F 8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG

ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\367D 4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x55C, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\40AA 38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x670, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\43D9 BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\471C 949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name:

Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4BB, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\51C3 247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x77C, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5DE8 3EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x7D1, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6179 3FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x94A, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6371

62CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\63FE AE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E2, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6431 723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x95C, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F 4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal

lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8096 2AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\86E8 17C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x602, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8E5B D50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x64A, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\9845 A431D51959CAF225322B4A4FE9F223CE6D15.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x54F, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B533 345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B86E 791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x65E, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\C060 ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x15, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE.

0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E0, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CEA5 86B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x16, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\D018 B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x17, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x50D, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F8A5 4E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x468. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x468. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x468. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1E, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x474: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x474: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x474. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x474: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x474: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x474. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x474: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x474: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x474. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1F, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x468. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1E, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x464. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x460. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1D, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F2C88, Path: \?? \C:\Program Files (x86)\Computers and Structures\SAFE 12\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: SAFE.INI, Path: 0x3F2C88: \Device\HarddiskVolume1\Program Files (x86 )\Computers and Structures\SAFE 12\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F4DA0, Path: \ ??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F4DA0: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6E200 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x11B4000, Path: 0x37F1C68: \ Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE .exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6E20000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Latest, Path: 0x448: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x438, Path: \??\ C:\Windows\assembly\pubpol39.dat. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x12, Param4: 0x0, Param5: 0x0, Name: index39, Path: 0x448: \RE GISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LegacyPolicyTimeStamp, Pa th: 0x448: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default. 0x0A10: INFO: New_NtQueryFullAttributesFile reports item not found: Status: 0 xC0000034, Path: \??\C:\Windows\assembly\GAC\PublisherPolicy.tme. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Mi crosoft.NET\Framework\v2.0.50727\config\machine.config. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x434, Path: \?? \C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x FFF, Param3: 0xFFF, Param4: 0x0, Param5: 0x0, Path: 0x434: \Device\HarddiskVolum e1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 186B, Param3: 0x186B, Param4: 0x0, Param5: 0x0, Path: 0x434: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1076, Param3: 0x1076, Param4: 0x0, Param5: 0x0, Path: 0x434: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 100D, Param3: 0x100D, Param4: 0x0, Param5: 0x0, Path: 0x434: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1066, Param3: 0x1066, Param4: 0x0, Param5: 0x0, Path: 0x434: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x14, Param5: 0x0, Path: 0x434: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_3 2\NI\1c22df2f\4f99a7c9. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x0, Param2: 0x1, Param3: 0x20A, Param4: 0x0, Param5: 0x0, Name: , Pa th: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50 727_32\NI\1c22df2f\4f99a7c9. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x6C, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 1c22df2f\4f99a7c9\83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: ConfigMask, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1 c22df2f\4f99a7c9\83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param

2: 0x90, Param3: 0xE, Param4: 0x0, Param5: 0x0, Name: ConfigString, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 1c22df2f\4f99a7c9\83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: MVID, Path: 0x434: \REGIS TRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2 f\4f99a7c9\83. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EvalationData, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\N ativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22d f2f\4f99a7c9\83. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x98, Param4: 0x0, Param5: 0x0, Name: I LDependencies, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeIm agesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x98, Param3: 0x98, Param4: 0x0, Param5: 0x0, Name: ILDependencies, Path: 0x4 34: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\1c22df2f\4f99a7c9\83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x34, Param4: 0x0, Param5: 0x0, Name: NIDependencies, Path: 0x4 34: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\1c22df2f\4f99a7c9\83. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MissingDependencies, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fu sion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\83. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x6A, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ c991064\591b6ebf\14. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c9910 64\591b6ebf\14. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\c991064\591b6ebf\14. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\ 591b6ebf\14. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ c991064\591b6ebf\14. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5E, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 6dc7d4c0\a5cd4db\16. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG

ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d 4c0\a5cd4db\16. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\16. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0 \a5cd4db\16. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 6dc7d4c0\a5cd4db\16. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x64, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 3ced59c5\1b2590b1\39. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced5 9c5\1b2590b1\39. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\39. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5 \1b2590b1\39. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 3ced59c5\1b2590b1\39. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x70, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ f6e8397\46ad0879\d. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e83 97\46ad0879\d. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\d. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\ 46ad0879\d. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ f6e8397\46ad0879\d. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x64, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\

2b1a4e4\38a3212c\64. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4 e4\38a3212c\64. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\64. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\ 38a3212c\64. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 2b1a4e4\38a3212c\64. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 24bf93f6\455bab30\31. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf9 3f6\455bab30\31. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\31. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6 \455bab30\31. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 24bf93f6\455bab30\31. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x6C, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 4f99a7c9\53bea2b0\a1. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a 7c9\53bea2b0\a1. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\a1. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9 \53bea2b0\a1. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 4f99a7c9\53bea2b0\a1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434.

0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 30bc7c4f\3f50fe4f\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: ConfigMask, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3 0bc7c4f\3f50fe4f\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0xE, Param4: 0x0, Param5: 0x0, Name: ConfigString, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 30bc7c4f\3f50fe4f\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: MVID, Path: 0x434: \REGIS TRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4 f\3f50fe4f\4. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EvalationData, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\N ativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7 c4f\3f50fe4f\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x48, Param4: 0x0, Param5: 0x0, Name: ILDependencies, Path: 0x4 34: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\30bc7c4f\3f50fe4f\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x20, Param4: 0x0, Param5: 0x0, Name: NIDependencies, Path: 0x4 34: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\30bc7c4f\3f50fe4f\4. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MissingDependencies, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fu sion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x6A, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 424bd4d8\1c83327b\2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd 4d8\1c83327b\2. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8 \1c83327b\2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 424bd4d8\1c83327b\2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\

19ab8d57\1bd7b0d8\3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8 d57\1bd7b0d8\3. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57 \1bd7b0d8\3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 19ab8d57\1bd7b0d8\3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 3f50fe4f\7b2a17f0\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50f e4f\7b2a17f0\4. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\3f50fe4f\7b2a17f0\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f \7b2a17f0\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 3f50fe4f\7b2a17f0\4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: Microsoft.VisualBasic,8.0 .0.0,,b03f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\F usion\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System,2.0.0.0,,b77a5c561 934e089,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusion\GACChange Notification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Xml,2.0.0.0,,b77a5 c561934e089,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusion\GACCh angeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Configuration,2.0. 0.0,,b03f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fu sion\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.

dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \??\C:\W indows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c3 79\System.ni.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x458, Path: 0x 434: \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System\ abab08afa60a6f06bdde0fcc9649c379\System.ni.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5FCA0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x79C000, Path: 0x458: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Web,2.0.0.0,,b03f5 f7f11d50a3a,x86, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusion\GACCha ngeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Management,2.0.0.0 ,,b03f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusio n\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Runtime.Remoting,2 .0.0.0,,b77a5c561934e089,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft \Fusion\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Deployment,2.0.0.0 ,,b03f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusio n\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Drawing,2.0.0.0,,b 03f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusion\G ACChangeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Windows.Forms,2.0. 0.0,,b77a5c561934e089,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fu sion\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311 245\Microsoft.VisualBasic.ni.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \??\C:\W indows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3 796b55e377311245\Microsoft.VisualBasic.ni.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x458, Path: 0x 434: \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\Microso ft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x57580 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x19B000, Path: 0x458: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2

: 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \??\C: \Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: Microsoft.VisualBasic.INI, Path: 0x434: \Device\HarddiskVolume1\Wind ows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \??\C: \Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: System.INI, Path: 0x434: \Device\HarddiskVolume1\Windows\assembly\GA C_MSIL\System\2.0.0.0__b77a5c561934e089. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\mscorjit.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x458, Path: 0x 434: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit .dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x60AC0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x5B000, Path: 0x458: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x434: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x120089, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x434: \Device \HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x434: \Device\Har ddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, AsmDir: , ResourceName: Int Resource: 2, AppName: , HMod: 0x60AC0000 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\Assembly StorageRoots. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.Local\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \??\C:\W indows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154 e044272b9a. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: mscorjit.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows N T\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: System.ni.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Microsoft.VisualBasic.ni.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Mic rosoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x14, Param5: 0x0, Path: 0x458: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_3 2\NI\61e7e666\c991064. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x0, Param2: 0x1, Param3: 0x20A, Param4: 0x0, Param5: 0x0, Name: , Pa th: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50 727_32\NI\61e7e666\c991064. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x6A, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 61e7e666\c991064\23. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: ConfigMask, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6 1e7e666\c991064\23. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0xE, Param4: 0x0, Param5: 0x0, Name: ConfigString, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 61e7e666\c991064\23. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: MVID, Path: 0x458: \REGIS TRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e66 6\c991064\23. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458.

0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EvalationData, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\N ativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\23. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x458: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e 666\c991064\23. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x98, Param4: 0x0, Param5: 0x0, Name: I LDependencies, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeIm agesIndex\v2.0.50727_32\NI\61e7e666\c991064\23. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x98, Param3: 0x98, Param4: 0x0, Param5: 0x0, Name: ILDependencies, Path: 0x4 58: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\61e7e666\c991064\23. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x48, Param4: 0x0, Param5: 0x0, Name: NIDependencies, Path: 0x4 58: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\61e7e666\c991064\23. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MissingDependencies, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fu sion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\23. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x60, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 475dce40\2d382ce6\9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x458: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dc e40\2d382ce6\9. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x458: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40 \2d382ce6\9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 475dce40\2d382ce6\9. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5C, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 2dd6ac50\163e1f5e\7. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x458: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6a c50\163e1f5e\7. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\7. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x458: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50 \163e1f5e\7.

0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 2dd6ac50\163e1f5e\7. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x9A, Param4: 0x0, Param5: 0x0, Name: D isplayName, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImage sIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\2a. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x9A, Param3: 0x9A, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 41c04c7e\7f3b6ac4\2a. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x458: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04 c7e\7f3b6ac4\2a. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\2a. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x458: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e \7f3b6ac4\2a. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 41c04c7e\7f3b6ac4\2a. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5E, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 3cca06a0\6dc7d4c0\27. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: ConfigMask, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3 cca06a0\6dc7d4c0\27. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0xE, Param4: 0x0, Param5: 0x0, Name: ConfigString, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 3cca06a0\6dc7d4c0\27. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: MVID, Path: 0x458: \REGIS TRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a 0\6dc7d4c0\27. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EvalationData, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\N ativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\27. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x458: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca0 6a0\6dc7d4c0\27. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x20, Param4: 0x0, Param5: 0x0, Name: ILDependencies, Path: 0x4 58: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\3cca06a0\6dc7d4c0\27. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x34, Param4: 0x0, Param5: 0x0, Name: NIDependencies, Path: 0x4

58: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\3cca06a0\6dc7d4c0\27. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MissingDependencies, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fu sion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\27. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\Sy stem.Drawing.ni.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x458, Path: \??\C:\W indows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41 d8067359a1\System.Drawing.ni.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x45C, Path: 0x 458: \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System. Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5F960 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x188000, Path: 0x45C: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Runtime.Serializat ion.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHI NE\Software\Microsoft\Fusion\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: Accessibility,2.0.0.0,,b0 3f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusion\GA CChangeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Security,2.0.0.0,, b03f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusion\ GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b 9db\System.Windows.Forms.ni.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x458, Path: \??\C:\W indows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aaf eadbe22b6b31b9db\System.Windows.Forms.ni.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x45C, Path: 0x 458: \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System. Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5E780 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xBDE000, Path: 0x45C: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2

: 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x458, Path: \??\C: \Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: System.Windows.Forms.INI, Path: 0x458: \Device\HarddiskVolume1\Windo ws\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x458, Path: \??\C: \Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: System.Drawing.INI, Path: 0x458: \Device\HarddiskVolume1\Windows\ass embly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x2, OutHandle: 0x45C, Path: 0xFFFFFFFE: . 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\Globalization\es-es.nlp. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DbgJITDebugLaunchSetting, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Wow6432 Node\Microsoft\.NETFramework. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DbgManagedDebugger, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M icrosoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x14, Param5: 0x0, Path: 0x44C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_3 2\NI\432ba598\f6e8397. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x0, Param2: 0x1, Param3: 0x20A, Param4: 0x0, Param5: 0x0, Name: , Pa th: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50 727_32\NI\432ba598\f6e8397. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x70, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 432ba598\f6e8397\21. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: ConfigMask, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4 32ba598\f6e8397\21. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0xE, Param4: 0x0, Param5: 0x0, Name: ConfigString, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 432ba598\f6e8397\21. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: MVID, Path: 0x44C: \REGIS TRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba59 8\f6e8397\21. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EvalationData, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\N ativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\21. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x44C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba 598\f6e8397\21. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x84, Param4: 0x0, Param5: 0x0, Name: ILDependencies, Path: 0x4 4C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\432ba598\f6e8397\21. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x34, Param4: 0x0, Param5: 0x0, Name: NIDependencies, Path: 0x4 4C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\432ba598\f6e8397\21. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MissingDependencies, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fu sion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\21. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x72, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 3a6a696d\52d7076e\2e. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x44C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3a6a6 96d\52d7076e\2e. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\3a6a696d\52d7076e\2e. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x44C: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3a6a696d \52d7076e\2e. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 3a6a696d\52d7076e\2e. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C.

0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.DirectoryServices, 2.0.0.0,,b03f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsof t\Fusion\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff 10d\System.Runtime.Remoting.ni.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x44C, Path: \??\C:\W indows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040f a044dd21a04ff10d\System.Runtime.Remoting.ni.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x460, Path: 0x 44C: \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System. Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5A380 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xC1000, Path: 0x460: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x460: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x460. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x44C, Path: \??\C: \Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: System.Runtime.Remoting.INI, Path: 0x44C: \Device\HarddiskVolume1\Wi ndows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a 5c561934e089\uxtheme.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x44C, Path: \??\C:\W indows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.W indows.Forms.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x460, Path: 0x4 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0 .0__b77a5c561934e089\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5F360 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4CE000, Path: 0x460: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x450, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide.

0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x450: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x44C: \Device \HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c5 61934e089\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \Device\Har ddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c56193 4e089\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x460. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5F360000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x8, File: C:\W indows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.W indows.Forms.dll, AsmDir: , ResourceName: Int Resource: 101, AppName: , HMod: 0x 0 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x460. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\Assembly StorageRoots. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.Local\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a438669 6c80. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x44C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none _72d18a4386696c80. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a438669 6c80\gdiplus.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x460, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none _72d18a4386696c80\gdiplus.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x450, Path: 0x 460: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b6

4144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x73CD0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x190000, Path: 0x450: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x460. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: System.Drawing.ni.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: System.Windows.Forms.ni.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Micr osoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: System.Runtime.Remoting.ni.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\M icrosoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x46C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\Windows NT\CurrentVersion\Fonts. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x454, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\GDIPlus . 0x117C: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x117C: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: FontCachePath, Path: 0x45 4: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\GDIPlus. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0xC0100080, P aram2: 0x80, Param3: 0x3, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\Users\MarK\AppData\Local\GDIPFONTCACHEV1.DAT. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\GDIPFONTCACHEV1.DAT. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0007, P aram2: 0x227C8, Param3: 0x4, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, P ath: 0x470: \Device\HarddiskVolume1\Users\MarK\AppData\Local\GDIPFONTCACHEV1.DAT . 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x66500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x23000, Path: 0x454: . 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\WINDOWS\FONTS\ ACADEREF.TTF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6650000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x468. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0x410, Param4: 0x108, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0x410, Param4: 0x1C2, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2, P aram2: 0x1, Param3: 0x410, Param4: 0x1DA, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3, P aram2: 0x1, Param3: 0x410, Param4: 0x1D2, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4, P aram2: 0x1, Param3: 0x410, Param4: 0xE4, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5, P aram2: 0x1, Param3: 0x410, Param4: 0xE4, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6, P aram2: 0x1, Param3: 0x410, Param4: 0xC4, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7, P aram2: 0x1, Param3: 0x410, Param4: 0x1D6, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ TAHOMA.TTF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\TAHOMA.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\tahoma.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\tahoma.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\TAHOMA.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\tahoma.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\tahoma.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\tahoma.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xAB000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470.

0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\TAHOMA.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\tahoma.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\tahoma.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\tahoma.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xAB000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSJH.TTF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MSJH.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msjh.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msjh.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MSJH.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msjh.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msjh.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\msjh.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x14A9000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MSJH.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msjh.ttf.

0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msjh.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\msjh.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x14A9000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSYH.TTF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MSYH.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msyh.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msyh.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MSYH.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msyh.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msyh.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\msyh.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x14C3000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MSYH.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msyh.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msyh.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\msyh.ttf.

0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x14C3000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MALGUN.TTF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MALGUN.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\malgun.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\malgun.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MALGUN.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\malgun.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\malgun.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\malgun.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x423000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MALGUN.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\malgun.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\malgun.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\malgun.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x423000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8, P aram2: 0x1, Param3: 0x410, Param4: 0xE2, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MICROSS.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\micross.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\micross.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MICROSS.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\micross.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\micross.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\micross.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA0000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MICROSS.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\micross.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\micross.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\micross.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA0000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9, P

aram2: 0x1, Param3: 0x410, Param4: 0xDE, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA, P aram2: 0x1, Param3: 0x410, Param4: 0x112, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB, P aram2: 0x1, Param3: 0x410, Param4: 0x112, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xC, P aram2: 0x1, Param3: 0x410, Param4: 0x110, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xD, P aram2: 0x1, Param3: 0x410, Param4: 0x14E, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xE, P aram2: 0x1, Param3: 0x410, Param4: 0x162, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ SEGOEUI.TTF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\SEGOEUI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\segoeui.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\segoeui.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\SEGOEUI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\segoeui.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\segoeui.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x66500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x7F000, Path: 0x454: .

0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6650000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\SEGOEUI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\segoeui.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\segoeui.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x66500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x7F000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6650000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSYH.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MALGUN.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xF, P aram2: 0x1, Param3: 0x410, Param4: 0x19E, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x10, Param2: 0x1, Param3: 0x410, Param4: 0xE0, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x11, Param2: 0x1, Param3: 0x410, Param4: 0x114, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x12, Param2: 0x1, Param3: 0x410, Param4: 0xAC, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x13, Param2: 0x1, Param3: 0x410, Param4: 0x15E, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ SEGOEUI.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSJH.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0,

Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MALGUN.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x14, Param2: 0x1, Param3: 0x410, Param4: 0x192, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x15, Param2: 0x1, Param3: 0x410, Param4: 0x132, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ SEGOEUI.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSJH.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSYH.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MALGUN.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x16, Param2: 0x1, Param3: 0x410, Param4: 0x15E, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x17, Param2: 0x1, Param3: 0x410, Param4: 0x13A, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ SEGOEUI.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSJH.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSYH.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MALGUN.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x18, Param2: 0x1, Param3: 0x410, Param4: 0x15E, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x19, Param2: 0x1, Param3: 0x410, Param4: 0x9C, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1A, Param2: 0x1, Param3: 0x410, Param4: 0x98, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1B, Param2: 0x1, Param3: 0x410, Param4: 0xE0, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1C, Param2: 0x1, Param3: 0x410, Param4: 0x9A, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1D, Param2: 0x1, Param3: 0x410, Param4: 0x9C, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1E,

Param2: 0x1, Param3: 0x410, Param4: 0xA0, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1F, Param2: 0x1, Param3: 0x410, Param4: 0xA4, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x20, Param2: 0x1, Param3: 0x410, Param4: 0xA4, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x21, Param2: 0x1, Param3: 0x410, Param4: 0xA4, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x22, Param2: 0x1, Param3: 0x410, Param4: 0xE4, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x23, Param2: 0x1, Param3: 0x410, Param4: 0xA4, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x24, Param2: 0x1, Param3: 0x410, Param4: 0xA8, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x25, Param2: 0x1, Param3: 0x410, Param4: 0xA4, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x26, Param2: 0x1, Param3: 0x410, Param4: 0x14A, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ SEGOEUI.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSJH.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSYH.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x27, Param2: 0x1, Param3: 0x410, Param4: 0x17E, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x28, Param2: 0x1, Param3: 0x410, Param4: 0x17E, Param5: 0x0, Name: , Path: 0x468: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fon tLink\SystemLink. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x468. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0x30C, Param4: 0x44, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0x30C, Param4: 0x5E, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2, P aram2: 0x1, Param3: 0x30C, Param4: 0x54, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3, P

aram2: 0x1, Param3: 0x30C, Param4: 0x66, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4, P aram2: 0x1, Param3: 0x30C, Param4: 0x34, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5, P aram2: 0x1, Param3: 0x30C, Param4: 0x4C, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6, P aram2: 0x1, Param3: 0x30C, Param4: 0x44, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7, P aram2: 0x1, Param3: 0x30C, Param4: 0x44, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8, P aram2: 0x1, Param3: 0x30C, Param4: 0x4C, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9, P aram2: 0x1, Param3: 0x30C, Param4: 0x44, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA, P aram2: 0x1, Param3: 0x30C, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB, P aram2: 0x1, Param3: 0x30C, Param4: 0x58, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xC, P aram2: 0x1, Param3: 0x30C, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xD, P aram2: 0x1, Param3: 0x30C, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xE, P aram2: 0x1, Param3: 0x30C, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xF, P aram2: 0x1, Param3: 0x30C, Param4: 0x40, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x10, Param2: 0x1, Param3: 0x30C, Param4: 0x70, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x11, Param2: 0x1, Param3: 0x30C, Param4: 0x68, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x12, Param2: 0x1, Param3: 0x30C, Param4: 0x70, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x13, Param2: 0x1, Param3: 0x30C, Param4: 0x70, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x14, Param2: 0x1, Param3: 0x30C, Param4: 0x70, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x15, Param2: 0x1, Param3: 0x30C, Param4: 0x3E, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x16, Param2: 0x1, Param3: 0x30C, Param4: 0x46, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x17,

Param2: 0x1, Param3: 0x30C, Param4: 0x3C, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x18, Param2: 0x1, Param3: 0x30C, Param4: 0x3A, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x19, Param2: 0x1, Param3: 0x30C, Param4: 0x44, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1A, Param2: 0x1, Param3: 0x30C, Param4: 0x46, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1B, Param2: 0x1, Param3: 0x30C, Param4: 0x62, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1C, Param2: 0x1, Param3: 0x30C, Param4: 0x40, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1D, Param2: 0x1, Param3: 0x30C, Param4: 0x4A, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1E, Param2: 0x1, Param3: 0x30C, Param4: 0x3C, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1F, Param2: 0x1, Param3: 0x30C, Param4: 0x5A, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x20, Param2: 0x1, Param3: 0x30C, Param4: 0x5A, Param5: 0x0, Name: , Path: 0x468: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Substitutes. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x468. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x468, Path: \Registry\M achine\System\CurrentControlSet\Control\Nls\Locale. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x470, Path: \Registry\M achine\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x454, Path: \Registry\M achine\System\CurrentControlSet\Control\Nls\Language Groups. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x2C, Param4: 0x0, Param5: 0x0, Name: 00000C0A, Path: 0x468: \ REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: 1, Path: 0x454: \REGISTR Y\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x46C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x0, Param2: 0x1, Param3: 0xDC, Param4: 0x108, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0x108, Param4: 0x108, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x1, Param2: 0x1, Param3: 0xDC, Param4: 0x1C2, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio

n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0x1C2, Param4: 0x1C2, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x2, Param2: 0x1, Param3: 0xDC, Param4: 0x1DA, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2, P aram2: 0x1, Param3: 0x1DA, Param4: 0x1DA, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x3, Param2: 0x1, Param3: 0xDC, Param4: 0x1D2, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3, P aram2: 0x1, Param3: 0x1D2, Param4: 0x1D2, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x4, Param2: 0x1, Param3: 0xDC, Param4: 0xE4, Param5: 0x0, Nam e: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion \FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4, P aram2: 0x1, Param3: 0xE4, Param4: 0xE4, Param5: 0x0, Path: 0x46C: \REGISTRY\MACH INE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x5, Param2: 0x1, Param3: 0xDC, Param4: 0xE4, Param5: 0x0, Nam e: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion \FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5, P aram2: 0x1, Param3: 0xE4, Param4: 0xE4, Param5: 0x0, Path: 0x46C: \REGISTRY\MACH INE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6, P aram2: 0x1, Param3: 0xDC, Param4: 0xC4, Param5: 0x0, Path: 0x46C: \REGISTRY\MACH INE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x7, Param2: 0x1, Param3: 0xDC, Param4: 0x1D6, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7, P aram2: 0x1, Param3: 0x1D6, Param4: 0x1D6, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x8, Param2: 0x1, Param3: 0xDC, Param4: 0xE2, Param5: 0x0, Nam e: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion \FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8, P aram2: 0x1, Param3: 0xE2, Param4: 0xE2, Param5: 0x0, Path: 0x46C: \REGISTRY\MACH INE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x9, Param2: 0x1, Param3: 0xDC, Param4: 0xDE, Param5: 0x0, Nam e: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion \FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9, P aram2: 0x1, Param3: 0xDE, Param4: 0xDE, Param5: 0x0, Path: 0x46C: \REGISTRY\MACH INE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0xA, Param2: 0x1, Param3: 0xDC, Param4: 0x112, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink.

0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA, P aram2: 0x1, Param3: 0x112, Param4: 0x112, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0xB, Param2: 0x1, Param3: 0xDC, Param4: 0x112, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB, P aram2: 0x1, Param3: 0x112, Param4: 0x112, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0xC, Param2: 0x1, Param3: 0xDC, Param4: 0x110, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xC, P aram2: 0x1, Param3: 0x110, Param4: 0x110, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0xD, Param2: 0x1, Param3: 0xDC, Param4: 0x14E, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xD, P aram2: 0x1, Param3: 0x14E, Param4: 0x14E, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0xE, Param2: 0x1, Param3: 0xDC, Param4: 0x162, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xE, P aram2: 0x1, Param3: 0x162, Param4: 0x162, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0xF, Param2: 0x1, Param3: 0xDC, Param4: 0x19E, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xF, P aram2: 0x1, Param3: 0x19E, Param4: 0x19E, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x10, Param2: 0x1, Param3: 0xDC, Param4: 0xE0, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x10, Param2: 0x1, Param3: 0xE0, Param4: 0xE0, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x11, Param2: 0x1, Param3: 0xDC, Param4: 0x114, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x11, Param2: 0x1, Param3: 0x114, Param4: 0x114, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x12, Param2: 0x1, Param3: 0xDC, Param4: 0xAC, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x13, Param2: 0x1, Param3: 0xDC, Param4: 0x15E, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x13,

Param2: 0x1, Param3: 0x15E, Param4: 0x15E, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x14, Param2: 0x1, Param3: 0xDC, Param4: 0x192, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x14, Param2: 0x1, Param3: 0x192, Param4: 0x192, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x15, Param2: 0x1, Param3: 0xDC, Param4: 0x132, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x15, Param2: 0x1, Param3: 0x132, Param4: 0x132, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x16, Param2: 0x1, Param3: 0xDC, Param4: 0x15E, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x16, Param2: 0x1, Param3: 0x15E, Param4: 0x15E, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x17, Param2: 0x1, Param3: 0xDC, Param4: 0x13A, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x17, Param2: 0x1, Param3: 0x13A, Param4: 0x13A, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x18, Param2: 0x1, Param3: 0xDC, Param4: 0x15E, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x18, Param2: 0x1, Param3: 0x15E, Param4: 0x15E, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x19, Param2: 0x1, Param3: 0xDC, Param4: 0x9C, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1A, Param2: 0x1, Param3: 0xDC, Param4: 0x98, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x1B, Param2: 0x1, Param3: 0xDC, Param4: 0xE0, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1B, Param2: 0x1, Param3: 0xE0, Param4: 0xE0, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1C, Param2: 0x1, Param3: 0xDC, Param4: 0x9A, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1D, Param2: 0x1, Param3: 0xDC, Param4: 0x9C, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1E, Param2: 0x1, Param3: 0xDC, Param4: 0xA0, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1F,

Param2: 0x1, Param3: 0xDC, Param4: 0xA4, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x20, Param2: 0x1, Param3: 0xDC, Param4: 0xA4, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x21, Param2: 0x1, Param3: 0xDC, Param4: 0xA4, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x22, Param2: 0x1, Param3: 0xDC, Param4: 0xE4, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x22, Param2: 0x1, Param3: 0xE4, Param4: 0xE4, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x23, Param2: 0x1, Param3: 0xDC, Param4: 0xA4, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x24, Param2: 0x1, Param3: 0xDC, Param4: 0xA8, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x25, Param2: 0x1, Param3: 0xDC, Param4: 0xA4, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x26, Param2: 0x1, Param3: 0xDC, Param4: 0x14A, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x26, Param2: 0x1, Param3: 0x14A, Param4: 0x14A, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x27, Param2: 0x1, Param3: 0xDC, Param4: 0x17E, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x27, Param2: 0x1, Param3: 0x17E, Param4: 0x17E, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x28, Param2: 0x1, Param3: 0xDC, Param4: 0x0, Param5: 0x0, Name: , Pa th: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLi nk\SystemLink. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Disable, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\LanguagePack\DataStore_V1.0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: DataFilePath, Path: 0x46C : \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\Da taStore_V1.0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x46C, Path: \??\ C:\Windows\Fonts\staticcache.dat. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x46C: \Device\Har ddiskVolume1\Windows\Fonts\StaticCache.dat. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x

3C, Param3: 0x3C, Param4: 0x0, Param5: 0x0, Path: 0x46C: \Device\HarddiskVolume1 \Windows\Fonts\StaticCache.dat. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x930000, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x474, Path: 0x46C: \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x930000, Path: 0x474: . 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane1, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Curr entVersion\LanguagePack\SurrogateFallback. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Name: Plane2, Path: 0x478: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\Surrogat eFallback. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Name: Plane2, Path: 0x478: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\Surrogat eFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane3, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Curr entVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane4, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Curr entVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane5, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Curr entVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane6, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Curr entVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane7, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Curr entVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane8, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Curr entVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane9, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Curr entVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane10, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane11, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane12, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane13, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane14, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane15, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane16, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\LanguagePack\SurrogateFallback.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x1E, Param5: 0x0, Path: 0x478: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2A, Param5: 0x0, Path: 0x478: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x20, Param5: 0x0, Path: 0x478: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x1C, Param5: 0x0, Path: 0x478: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUIB.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuib.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuib.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUIB.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuib.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuib.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x47C, Path: 0x478: \Device\HarddiskVolume1\Windows\Fonts\segoeuib.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x7D400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x7A000, Path: 0x47C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7D40000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x47C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUIB.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuib.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuib.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P

aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x47C, Path: 0x478: \Device\HarddiskVolume1\Windows\Fonts\segoeuib.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x7D400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x7A000, Path: 0x47C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7D40000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x47C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUII.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuii.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuii.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUII.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuii.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuii.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x47C, Path: 0x478: \Device\HarddiskVolume1\Windows\Fonts\segoeuii.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x7D400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x5F000, Path: 0x47C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7D40000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x47C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUII.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuii.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuii.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x47C, Path: 0x478: \Device\HarddiskVolume1\Windows\Fonts\segoeuii.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x7D400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x5F000, Path: 0x47C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7D40000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x47C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUIZ.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuiz.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuiz.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUIZ.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuiz.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuiz.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x47C, Path: 0x478: \Device\HarddiskVolume1\Windows\Fonts\segoeuiz.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x7D400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x62000, Path: 0x47C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7D40000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x47C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUIZ.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuiz.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuiz.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x47C, Path: 0x478: \Device\HarddiskVolume1\Windows\Fonts\segoeuiz.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x7D400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x62000, Path: 0x47C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7D40000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x47C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Fi les (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF.

0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F4DA0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F4DA0: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x57200 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x374000, Path: 0x37F1C68: \ Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\CSID etailerDLL.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x7D40000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x374000, Path: 0x37F1 C68: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 1 2\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x57200000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x488. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: RaiseDefaultAuthnLevel, Path: 0x488: \REGISTRY\MACHINE\SOFTWARE\Microsoft \OLE\AppCompat. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x488. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DefaultAccessPermission, Path: 0x488: \REGISTRY\MACHINE\SOFTWARE\Microsof t\OLE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x488. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x488. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x488. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0008, Param2: 0x30, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Type, Path: 0x484: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Micros oft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x484: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x484: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x484: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Strong Cryptographic Provider.

0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x484: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x48C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x48C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x48C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x48C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x48C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x48C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x48C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5A, Param4: 0x0, Param5: 0x0, Path: 0x48C: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\Pr oxyStubClsid32. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x48C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x484, Path: \REGISTRY\M ACHINE\Software\Microsoft\Rpc\Extensions. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x21A, Param3: 0x20, Param4: 0x0, Param5: 0x0, Name: NdrOleExtDLL, Path: 0x48 4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Rpc\Extensions. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x2C, Param4: 0x0, Param5: 0x0, Name: RemoteRpcDll, Path: 0x484 : \REGISTRY\MACHINE\SOFTWARE\Microsoft\Rpc\Extensions. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\RpcRtRemote.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\RpcRtRe mote.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\RpcRtRemote.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x484, Path: \??\C:\W indows\system32\RpcRtRemote.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x48C, Path: 0x

484: \Device\HarddiskVolume1\Windows\SysWOW64\RpcRtRemote.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6CDE0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xE000, Path: 0x48C: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x48C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x48C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20119, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x484, Path: \Registry\M achine\Software\Microsoft\SQMClient\Windows\DisabledProcesses\. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: 118F5EBF, Path: 0x484: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SQMClient\Win dows\DisabledProcesses. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20119, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x484, Path: \Registry\M achine\Software\Microsoft\SQMClient\Windows\DisabledSessions\. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MachineThrottling, Path: 0x484: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SQMC lient\Windows\DisabledSessions. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20119, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x484, Path: \Registry\M achine\Software\Microsoft\SQMClient\Windows\DisabledSessions\. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: GlobalSession, Path: 0x484: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SQMClien t\Windows\DisabledSessions. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0C44: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x2, OutHandle: 0x490, Path: 0xFFFFFFFE: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x49C. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x0, Param1: 0 x1, Param2: 0x1, Param3: 0x2, Param4: 0x0, Param5: 0x0, Path: 0x430: . 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F2C88, Path: \?? \C:\Program Files (x86)\Computers and Structures\SAFE 12\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: CSIDetailerDLL.INI, Path: 0x3F2C88: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F4E18, Path: \ ??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4E18: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailer DLL.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P

aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1CD0, P ath: 0x3F4E18: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x83400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x370000, Path: 0x37F1CD0: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\CSIDe tailerDLL.dll. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x8340000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1CD0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4E18. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F4E18, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\CSIDe tailerDLL.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F4DA0: \Device\HarddiskVolume1\Program Files (x86)\Computers a nd Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x3F4E18: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\CSIDe tailerDLL.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F4E18: \Device\HarddiskVolume1\Program Files (x86)\Computers a nd Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F4E90, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1CD0, Path : 0x3F4E90: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x57200 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x374000, Path: 0x37F1CD0: \ Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\CSID etailerDLL.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1CD0: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1CD0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4E90. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4E18. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC_32\Microsoft.DirectX\1.0.2902.0__31bf38 56ad364e35. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC_MSIL\Microsoft.DirectX\1.0.2902.0__31bf 3856ad364e35. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F4E18, Path: \??\C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Micro soft.DirectX.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Win dows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.Direc tX.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1D38, P ath: 0x3F4E18: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1. 0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x8340000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3B000, Path: 0x37F1D 38: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__3 1bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x8380000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3B000, Path: 0x37F1D 38: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__3 1bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x8340000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5C, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x4B0: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\ Type 001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5C, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x4B0: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\ Type 001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5C, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x4B0: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\ Type 001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5C, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x4B0: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\ Type 001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4B0.

0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Type, Path: 0x4B0: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Micros oft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x4B0: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x4B0: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x4B0: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x4B0: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x4B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x4B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x4B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x4B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4B4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4B4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4B0. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x4B4, Path: \??\C: \Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: Microsoft.DirectX.INI, Path: 0x4B4: \Device\HarddiskVolume1\Windows\ assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4B4. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F4F08, Path: \??\C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Micro soft.DirectX.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x3F4E18: \D evice\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf385 6ad364e35\Microsoft.DirectX.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0,

Name: , Path: 0x3F4E18: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft. DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x3F4F08: \D evice\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf385 6ad364e35\Microsoft.DirectX.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F4F08: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft. DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F4F80, Path: \??\C :\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft. DirectX.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Win dows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.Direc tX.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1DA0, Path : 0x3F4F80: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2 902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x8340000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3B000, Path: 0x37F1D A0: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__3 1bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1DA0: \Device\HarddiskV olume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Micro soft.DirectX.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1DA0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4F80. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Microsoft.DirectX.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x64, OutHandle: 0x3F4FF8, Path: \ ??\C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Micros oft.DirectX.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8: \Device\ HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364 e35\Microsoft.DirectX.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Win dows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.Direc tX.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1E08, P ath: 0x3F4FF8: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1. 0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x83C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x37000, Path: 0x37F1E08: \De

vice\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856 ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x83C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1E08. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x64, OutHandle: 0x3F4FF8, Path: \ ??\C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Micros oft.DirectX.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8: \Device\ HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364 e35\Microsoft.DirectX.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Win dows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.Direc tX.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1E08, P ath: 0x3F4FF8: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1. 0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x83C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x37000, Path: 0x37F1E08: \De vice\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856 ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x83C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1E08. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x64, OutHandle: 0x3F4FF8, Path: \ ??\C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Micros oft.DirectX.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8: \Device\ HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364 e35\Microsoft.DirectX.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Win dows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.Direc tX.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1E08, P ath: 0x3F4FF8: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1. 0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x83C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x37000, Path: 0x37F1E08: \De vice\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856 ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x83C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1E08. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x64, OutHandle: 0x3F4FF8, Path: \

??\C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Micros oft.DirectX.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8: \Device\ HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364 e35\Microsoft.DirectX.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Win dows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.Direc tX.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1E08, P ath: 0x3F4FF8: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1. 0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x83C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x37000, Path: 0x37F1E08: \De vice\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856 ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x83C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1E08. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: CSIDetailerDLL.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Win dows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4F08. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC_32\Microsoft.VisualBasic.Compatibility\ 8.0.0.0__b03f5f7f11d50a3a. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Micros oft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x4B0, Path: \?? \C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5 f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x4B8, Path: 0x4B0: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic. Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x62170 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x60000, Path: 0x4B8: . 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x83C0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x60000, Path: 0x4B8:

. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x62170000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x4C4, Path: \??\C: \Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f 11d50a3a\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: Microsoft.VisualBasic.Compatibility.INI, Path: 0x4C4: \Device\Harddi skVolume1\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0_ _b03f5f7f11d50a3a. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4C4. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4C4, Path: \?? \C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5 f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x4B0: \Devi ce\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility \8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x4B0: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsof t.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Comp atibility.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x4C4: \Devi ce\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility \8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x4C4: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsof t.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Comp atibility.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Micros oft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x4C8, Path: \??\C:\W indows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11 d50a3a\Microsoft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x4CC, Path: 0x 4C8: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Com patibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x62170 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x60000, Path: 0x4CC: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4CC: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4CC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4C8. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4C4. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x4C4, Path: \?? \C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4C4: \Device\Har ddiskVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls .nlp. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4C8, Path: 0x4C4: \Device\HarddiskVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c 561934e089\sorttbls.nlp. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x84300 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x5000, Path: 0x4C8: . 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x4CC, Path: \?? \C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4CC: \Device\Har ddiskVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey. nlp. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4D0, Path: 0x4CC: \Device\HarddiskVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c 561934e089\sortkey.nlp. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x84500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x41000, Path: 0x4D0: . 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \Sessions\1\BaseNamedObjects\Global\NLS_00000C0A_Exception_Table_3_2. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0x4, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x4D4, Path: \Sessions\1 \BaseNamedObjects\NLS_00000C0A_Exception_Table_3_2. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x84A00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x41000, Path: 0x4D4: \Sessio ns\1\BaseNamedObjects\NLS_00000C0A_Exception_Table_3_2. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryFullAttributesFile reports item not found: Status: 0 xC0000034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAF E.exe.config. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\S

AFE.resources.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\S AFE.resources\SAFE.resources.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\S AFE.resources.exe. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\S AFE.resources\SAFE.resources.exe. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0x1048, Param4: 0x126, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\C: Program Files (x86) Computers an d Structures SAFE 12 SAFE.exe. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0x1048, Param4: 0x19E, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\C: Program Files (x86) Computers an d Structures SAFE 12 SAFE.exe. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2, P aram2: 0x1, Param3: 0x1048, Param4: 0x19E, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\C: Program Files (x86) Computers an d Structures SAFE 12 SAFE.exe. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3, P aram2: 0x1, Param3: 0x1048, Param4: 0x18E, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\C: Program Files (x86) Computers an d Structures SAFE 12 SAFE.exe. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4, P aram2: 0x1, Param3: 0x1048, Param4: 0x176, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\C: Program Files (x86) Computers an d Structures SAFE 12 SAFE.exe. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x5, Param2: 0x1, Param3: 0x1048, Param4: 0x9BFCD55D, Param5: 0x0, Na me: , Path: 0x4D8: \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C: Pr ogram Files (x86) Computers and Structures SAFE 12 SAFE.exe. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0x1048, Param4: 0x1B6, Param5: 0x0, Path: 0x4D8: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Installer\A ssemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Installer\A ssemblies\Global. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x2, Param2: 0x1, Param3: 0x1048, Param4: 0x95027ABD, Param5: 0x0, Na me: , Path: 0x4D8: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0x1048, Param4: 0x166, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0x1048, Param4: 0x20A, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2, P aram2: 0x1, Param3: 0x1048, Param4: 0x212, Param5: 0x0, Path: 0x4D8: \REGISTRY\M

ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3, P aram2: 0x1, Param3: 0x1048, Param4: 0x1EA, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4, P aram2: 0x1, Param3: 0x1048, Param4: 0x21A, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5, P aram2: 0x1, Param3: 0x1048, Param4: 0x212, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6, P aram2: 0x1, Param3: 0x1048, Param4: 0x222, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7, P aram2: 0x1, Param3: 0x1048, Param4: 0x212, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8, P aram2: 0x1, Param3: 0x1048, Param4: 0x212, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9, P aram2: 0x1, Param3: 0x1048, Param4: 0x21A, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA, P aram2: 0x1, Param3: 0x1048, Param4: 0x212, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB, P aram2: 0x1, Param3: 0x1048, Param4: 0x1EA, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xC, P aram2: 0x1, Param3: 0x1048, Param4: 0x202, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xD, P aram2: 0x1, Param3: 0x1048, Param4: 0x1E2, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xE, P aram2: 0x1, Param3: 0x1048, Param4: 0x1EA, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xF, P aram2: 0x1, Param3: 0x1048, Param4: 0x1EA, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x10, Param2: 0x1, Param3: 0x1048, Param4: 0x21A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x11, Param2: 0x1, Param3: 0x1048, Param4: 0x1F2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x12, Param2: 0x1, Param3: 0x1048, Param4: 0x21A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x13, Param2: 0x1, Param3: 0x1048, Param4: 0x212, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x14, Param2: 0x1, Param3: 0x1048, Param4: 0x22A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x15, Param2: 0x1, Param3: 0x1048, Param4: 0x22A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x16, Param2: 0x1, Param3: 0x1048, Param4: 0x22A, Param5: 0x0, Path: 0x4D8: \REGISTRY\

MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x17, Param2: 0x1, Param3: 0x1048, Param4: 0x232, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x18, Param2: 0x1, Param3: 0x1048, Param4: 0x232, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x19, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1A, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1B, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1C, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1D, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1E, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1F, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x20, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x21, Param2: 0x1, Param3: 0x1048, Param4: 0x208, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x22, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x23, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x24, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x25, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x26, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x27, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x28, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x29, Param2: 0x1, Param3: 0x1048, Param4: 0x1C0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2A, Param2: 0x1, Param3: 0x1048, Param4: 0x1E8, Param5: 0x0, Path: 0x4D8: \REGISTRY\

MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2B, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2C, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2D, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2E, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2F, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x30, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x31, Param2: 0x1, Param3: 0x1048, Param4: 0x1E8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x32, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x33, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x34, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x35, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x36, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x37, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x38, Param2: 0x1, Param3: 0x1048, Param4: 0x178, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x39, Param2: 0x1, Param3: 0x1048, Param4: 0x170, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3A, Param2: 0x1, Param3: 0x1048, Param4: 0x168, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3B, Param2: 0x1, Param3: 0x1048, Param4: 0x160, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3C, Param2: 0x1, Param3: 0x1048, Param4: 0x160, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3D, Param2: 0x1, Param3: 0x1048, Param4: 0x16A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3E, Param2: 0x1, Param3: 0x1048, Param4: 0x1A6, Param5: 0x0, Path: 0x4D8: \REGISTRY\

MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3F, Param2: 0x1, Param3: 0x1048, Param4: 0x1BE, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x40, Param2: 0x1, Param3: 0x1048, Param4: 0x1BE, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x41, Param2: 0x1, Param3: 0x1048, Param4: 0x1C6, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x42, Param2: 0x1, Param3: 0x1048, Param4: 0x1DE, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x43, Param2: 0x1, Param3: 0x1048, Param4: 0x1DE, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x44, Param2: 0x1, Param3: 0x1048, Param4: 0x1CC, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x45, Param2: 0x1, Param3: 0x1048, Param4: 0x1E4, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x46, Param2: 0x1, Param3: 0x1048, Param4: 0x1C0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x47, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x48, Param2: 0x1, Param3: 0x1048, Param4: 0x1B8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x49, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4A, Param2: 0x1, Param3: 0x1048, Param4: 0x208, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4B, Param2: 0x1, Param3: 0x1048, Param4: 0x1E8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4C, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4D, Param2: 0x1, Param3: 0x1048, Param4: 0x1E8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4E, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4F, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x50, Param2: 0x1, Param3: 0x1048, Param4: 0x1C8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x51, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x52, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\

MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x53, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x54, Param2: 0x1, Param3: 0x1048, Param4: 0x1E0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x55, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x56, Param2: 0x1, Param3: 0x1048, Param4: 0x1A8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x57, Param2: 0x1, Param3: 0x1048, Param4: 0x1C0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x58, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x59, Param2: 0x1, Param3: 0x1048, Param4: 0x1B8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5A, Param2: 0x1, Param3: 0x1048, Param4: 0x1A8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5B, Param2: 0x1, Param3: 0x1048, Param4: 0x1B8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5C, Param2: 0x1, Param3: 0x1048, Param4: 0x1C8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5D, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5E, Param2: 0x1, Param3: 0x1048, Param4: 0x1C2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5F, Param2: 0x1, Param3: 0x1048, Param4: 0x1D6, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x60, Param2: 0x1, Param3: 0x1048, Param4: 0x1EE, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x61, Param2: 0x1, Param3: 0x1048, Param4: 0x1EE, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x62, Param2: 0x1, Param3: 0x1048, Param4: 0x1CA, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x63, Param2: 0x1, Param3: 0x1048, Param4: 0x1E2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x64, Param2: 0x1, Param3: 0x1048, Param4: 0x1E2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x65, Param2: 0x1, Param3: 0x1048, Param4: 0x162, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x66, Param2: 0x1, Param3: 0x1048, Param4: 0x1C8, Param5: 0x0, Path: 0x4D8: \REGISTRY\

MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x67, Param2: 0x1, Param3: 0x1048, Param4: 0x1E0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x68, Param2: 0x1, Param3: 0x1048, Param4: 0x1E0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x69, Param2: 0x1, Param3: 0x1048, Param4: 0x1C8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6A, Param2: 0x1, Param3: 0x1048, Param4: 0x1E0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6B, Param2: 0x1, Param3: 0x1048, Param4: 0x1E0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6C, Param2: 0x1, Param3: 0x1048, Param4: 0x208, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6D, Param2: 0x1, Param3: 0x1048, Param4: 0x218, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6E, Param2: 0x1, Param3: 0x1048, Param4: 0x1E0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6F, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x70, Param2: 0x1, Param3: 0x1048, Param4: 0x1E8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x71, Param2: 0x1, Param3: 0x1048, Param4: 0x210, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x72, Param2: 0x1, Param3: 0x1048, Param4: 0x210, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x73, Param2: 0x1, Param3: 0x1048, Param4: 0x208, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x74, Param2: 0x1, Param3: 0x1048, Param4: 0x218, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x75, Param2: 0x1, Param3: 0x1048, Param4: 0x218, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x76, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x77, Param2: 0x1, Param3: 0x1048, Param4: 0x1C0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x78, Param2: 0x1, Param3: 0x1048, Param4: 0x210, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x79, Param2: 0x1, Param3: 0x1048, Param4: 0x218, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7A, Param2: 0x1, Param3: 0x1048, Param4: 0x1D8, Param5: 0x0, Path: 0x4D8: \REGISTRY\

MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7B, Param2: 0x1, Param3: 0x1048, Param4: 0x1A0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7C, Param2: 0x1, Param3: 0x1048, Param4: 0x1D8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7D, Param2: 0x1, Param3: 0x1048, Param4: 0x1E0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7E, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7F, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x80, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x81, Param2: 0x1, Param3: 0x1048, Param4: 0x1D8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x82, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x83, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x84, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x85, Param2: 0x1, Param3: 0x1048, Param4: 0x1E8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x86, Param2: 0x1, Param3: 0x1048, Param4: 0x1E8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x87, Param2: 0x1, Param3: 0x1048, Param4: 0x1D2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x88, Param2: 0x1, Param3: 0x1048, Param4: 0x1D2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x89, Param2: 0x1, Param3: 0x1048, Param4: 0x1D4, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8A, Param2: 0x1, Param3: 0x1048, Param4: 0x1EC, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8B, Param2: 0x1, Param3: 0x1048, Param4: 0x1EC, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8C, Param2: 0x1, Param3: 0x1048, Param4: 0x1DC, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8D, Param2: 0x1, Param3: 0x1048, Param4: 0x1F4, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8E, Param2: 0x1, Param3: 0x1048, Param4: 0x1F4, Param5: 0x0, Path: 0x4D8: \REGISTRY\

MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8F, Param2: 0x1, Param3: 0x1048, Param4: 0x1DA, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x90, Param2: 0x1, Param3: 0x1048, Param4: 0x1F2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x91, Param2: 0x1, Param3: 0x1048, Param4: 0x1F2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x92, Param2: 0x1, Param3: 0x1048, Param4: 0x1D8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x93, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x94, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x95, Param2: 0x1, Param3: 0x1048, Param4: 0x1C6, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x96, Param2: 0x1, Param3: 0x1048, Param4: 0x1DE, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x97, Param2: 0x1, Param3: 0x1048, Param4: 0x1DE, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x98, Param2: 0x1, Param3: 0x1048, Param4: 0x19A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x99, Param2: 0x1, Param3: 0x1048, Param4: 0x1EA, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9A, Param2: 0x1, Param3: 0x1048, Param4: 0x1A6, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9B, Param2: 0x1, Param3: 0x1048, Param4: 0x1B6, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9C, Param2: 0x1, Param3: 0x1048, Param4: 0x1F2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9D, Param2: 0x1, Param3: 0x1048, Param4: 0x196, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9E, Param2: 0x1, Param3: 0x1048, Param4: 0x1F2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9F, Param2: 0x1, Param3: 0x1048, Param4: 0x202, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA0, Param2: 0x1, Param3: 0x1048, Param4: 0x20A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA1, Param2: 0x1, Param3: 0x1048, Param4: 0x150, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA2, Param2: 0x1, Param3: 0x1048, Param4: 0x140, Param5: 0x0, Path: 0x4D8: \REGISTRY\

MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA3, Param2: 0x1, Param3: 0x1048, Param4: 0x150, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA4, Param2: 0x1, Param3: 0x1048, Param4: 0x140, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA5, Param2: 0x1, Param3: 0x1048, Param4: 0x150, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA6, Param2: 0x1, Param3: 0x1048, Param4: 0x140, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA7, Param2: 0x1, Param3: 0x1048, Param4: 0x130, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA8, Param2: 0x1, Param3: 0x1048, Param4: 0x162, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA9, Param2: 0x1, Param3: 0x1048, Param4: 0x162, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xAA, Param2: 0x1, Param3: 0x1048, Param4: 0x162, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xAB, Param2: 0x1, Param3: 0x1048, Param4: 0x152, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xAC, Param2: 0x1, Param3: 0x1048, Param4: 0x14A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xAD, Param2: 0x1, Param3: 0x1048, Param4: 0x14A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xAE, Param2: 0x1, Param3: 0x1048, Param4: 0x14A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xAF, Param2: 0x1, Param3: 0x1048, Param4: 0x152, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB0, Param2: 0x1, Param3: 0x1048, Param4: 0x14A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB1, Param2: 0x1, Param3: 0x1048, Param4: 0x14A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB2, Param2: 0x1, Param3: 0x1048, Param4: 0x152, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB3, Param2: 0x1, Param3: 0x1048, Param4: 0x14A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB4, Param2: 0x1, Param3: 0x1048, Param4: 0x152, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0xB5, Param2: 0x1, Param3: 0x1048, Param4: 0xBBAF1423, Param5: 0x0, N ame: , Path: 0x4D8: \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Glob al. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\culture.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x4D8, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\culture.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x4DC, Path: 0x 4D8: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\Culture. dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x84F0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x8000, Path: 0x4DC: . 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4DC: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4DC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x4D8, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x4D8: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x120089, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x4D8, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\culture.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x4D8: \Device \HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4D8: \Device\Har ddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Windows\Microsoft.NET\Framework\v2.0.50727\culture.dll, AsmDir: , ResourceName: Int Resource: 2, AppName: , HMod: 0x84F0000 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\Assembly StorageRoots. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.Local\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x4D8, Path: \??\C:\W indows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154 e044272b9a. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: culture.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT \CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034,

Name: Microsoft.VisualBasic.Compatibility.dll, Path: 0x150: \REGISTRY\MACHINE\S OFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOp tions. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x84F0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x8500000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\es-ES\mscorrc.dll . 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\es-ES\mscorrc.dll .DLL. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\es\mscorrc.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x4D8, Path: \??\ C:\Windows\Microsoft.NET\Framework\v2.0.50727\es\mscorrc.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4DC, Path: 0x4D8: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\es\ms corrc.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x84F00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x65000, Path: 0x4DC: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4DC. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\Globalization\es.nlp. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\Globalization\es-es.nlp. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \Sessions\1\BaseNamedObjects\Global\NLS_0000040A_Exception_Table_3_2. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0x4, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x4DC, Path: \Sessions\1 \BaseNamedObjects\NLS_0000040A_Exception_Table_3_2. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x85600 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x41000, Path: 0x4DC: \Sessio ns\1\BaseNamedObjects\NLS_0000040A_Exception_Table_3_2. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es\SAFE .resources.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es\SAFE .resources\SAFE.resources.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es\SAFE .resources.exe. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es\SAFE .resources\SAFE.resources.exe. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\WindowsCodecs.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00

00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Windows Codecs.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\WindowsCodecs.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x4D8, Path: \??\C:\W indows\system32\WindowsCodecs.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x4E0, Path: 0x 4D8: \Device\HarddiskVolume1\Windows\SysWOW64\WindowsCodecs.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74130 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xFB000, Path: 0x4E0: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4E0: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4E0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2000000, Param 2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x4D8, Path: \REGISTRY \USER\S-1-5-21-4048755273-3007554995-782353158-1001_Classes. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 180, Param3: 0x8C, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-2 1-4048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-21-4 048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 180, Param3: 0x8C, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-2 1-4048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-21-4 048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4E2. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\Globalization\en-us.nlp. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0 .0_es_b77a5c561934e089. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089\System.Wi ndows.Forms.resources.dll.

0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x4E4, Path: \?? \C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c56 1934e089\System.Windows.Forms.resources.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x4E8, Path: 0x4E4: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms.r esources\2.0.0.0_es_b77a5c561934e089\System.Windows.Forms.Resources.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5A310 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6C000, Path: 0x4E8: . 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x8620000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6C000, Path: 0x4E8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5A310000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x4EC, Path: \??\C: \Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c56193 4e089\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: System.Windows.Forms.resources.INI, Path: 0x4EC: \Device\HarddiskVol ume1\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c5 61934e089. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4EC. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4EC, Path: \?? \C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c56 1934e089\System.Windows.Forms.resources.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x4E4: \Devi ce\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0. 0.0_es_b77a5c561934e089\System.Windows.Forms.Resources.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x4E4: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.W indows.Forms.resources\2.0.0.0_es_b77a5c561934e089\System.Windows.Forms.Resource s.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x4EC: \Devi ce\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0. 0.0_es_b77a5c561934e089\System.Windows.Forms.Resources.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x4EC: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.W indows.Forms.resources\2.0.0.0_es_b77a5c561934e089\System.Windows.Forms.Resource s.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089\System.Wi

ndows.Forms.resources.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x4F0, Path: \??\C:\W indows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e 089\System.Windows.Forms.resources.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x4F4, Path: 0x 4F0: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms.reso urces\2.0.0.0_es_b77a5c561934e089\System.Windows.Forms.Resources.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5A310 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6C000, Path: 0x4F4: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F4: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4EC. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0 .0_es-ES_b77a5c561934e089. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0 .0.0_es-ES_b77a5c561934e089. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC\System.Windows.Forms.resources\2.0.0.0_ es-ES_b77a5c561934e089. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\S ystem.Windows.Forms.resources.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\S ystem.Windows.Forms.resources\System.Windows.Forms.resources.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\S ystem.Windows.Forms.resources.exe. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\S ystem.Windows.Forms.resources\System.Windows.Forms.resources.exe. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a 5c561934e089\comctl32.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\Assembly StorageRoots. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.Local\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6

975e2bd6f2b2. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x4EC, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17 514_none_41e6975e2bd6f2b2. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6 975e2bd6f2b2\comctl32.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x4F0, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17 514_none_41e6975e2bd6f2b2\comctl32.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x4F4, Path: 0x 4F0: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-control s_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6D0E0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x19E000, Path: 0x4F4: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F4: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F0. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x4F8, Path: \??\C:\W indows\WindowsShell.Manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4FC, Path: 0x4 F8: \Device\HarddiskVolume1\Windows\WindowsShell.Manifest. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86900 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x4FC: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x500, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x500: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4F8: \Device\Har ddiskVolume1\Windows\WindowsShell.Manifest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x4F8: \Device \HarddiskVolume1\Windows\WindowsShell.Manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4F8: \Device\Har ddiskVolume1\Windows\WindowsShell.Manifest. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x8690000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x0, File: C:\W indows\WindowsShell.Manifest, AsmDir: , ResourceName: , AppName: , HMod: 0x0 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF.

0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIAL.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arial.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arial.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIAL.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arial.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arial.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\Fonts\arial.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86D00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xBF000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIAL.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arial.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arial.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\Fonts\arial.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86D00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xBF000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALBD.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbd.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbd.ttf.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALBD.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbd.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbd.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\Fonts\arialbd.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86D00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xB7000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALBD.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbd.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbd.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\Fonts\arialbd.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86D00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xB7000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\ariali.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\ariali.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\ariali.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5

, Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\ariali.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\Fonts\ariali.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86D00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x88000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\ariali.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\ariali.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\Fonts\ariali.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86D00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x88000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALBI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbi.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbi.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALBI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbi.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbi.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\Fonts\arialbi.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86D00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x8A000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALBI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbi.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbi.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\Fonts\arialbi.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86D00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x8A000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0008, Param2: 0x30, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0008, Param2: 0x30, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0008, Param2: 0x30, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: \Device\ KsecDD. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_es-ES_b77 a5c561934e089. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es-ES_b 77a5c561934e089. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_es-ES_b77a5c 561934e089. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\m scorlib.resources.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\m scorlib.resources\mscorlib.resources.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\m scorlib.resources.exe. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\m scorlib.resources\mscorlib.resources.exe. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_es_b77a5c 561934e089. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089.

0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dl l. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\msc orlib.resources.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0 .0.0_es_b77a5c561934e089\mscorlib.Resources.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x61F50 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4E000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x8750000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4E000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x61F50000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x500, Path: \??\C: \Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: mscorlib.resources.INI, Path: 0x500: \Device\HarddiskVolume1\Windows \assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x500, Path: \?? \C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\msc orlib.resources.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Devi ce\HarddiskVolume1\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5 c561934e089\mscorlib.Resources.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x4FC: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\mscorlib .resources\2.0.0.0_es_b77a5c561934e089\mscorlib.Resources.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x500: \Devi ce\HarddiskVolume1\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5 c561934e089\mscorlib.Resources.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x500: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\mscorlib .resources\2.0.0.0_es_b77a5c561934e089\mscorlib.Resources.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dl

l. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x504, Path: \??\C:\W indows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib .resources.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x508, Path: 0x 504: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0. 0_es_b77a5c561934e089\mscorlib.Resources.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x61F50 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4E000, Path: 0x508: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x508: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x508. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x329B280, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x12, Param5: 0x0, Path: 0x500: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_3 2\NI\6faf58\19ab8d57. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x0, Param2: 0x1, Param3: 0x20A, Param4: 0x0, Param5: 0x0, Name: , Pa th: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50 727_32\NI\6faf58\19ab8d57. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 6faf58\19ab8d57\1.

0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: ConfigMask, Path: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6 faf58\19ab8d57\1. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0xE, Param4: 0x0, Param5: 0x0, Name: ConfigString, Path: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 6faf58\19ab8d57\1. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: MVID, Path: 0x500: \REGIS TRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\ 19ab8d57\1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EvalationData, Path: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\N ativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\1. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x500: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf5 8\19ab8d57\1. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x48, Param4: 0x0, Param5: 0x0, Name: ILDependencies, Path: 0x5 00: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\6faf58\19ab8d57\1. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x34, Param4: 0x0, Param5: 0x0, Name: NIDependencies, Path: 0x5 00: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\6faf58\19ab8d57\1. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MissingDependencies, Path: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fu sion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x66, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 75638fee\7566cac\10. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x500: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638 fee\7566cac\10. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\75638fee\7566cac\10. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x500: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee \7566cac\10. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 75638fee\7566cac\10. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Data.SqlXml,2.0.0. 0,,b77a5c561934e089,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusi on\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x

C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System .Xml.ni.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x500, Path: \??\C:\W indows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158 a04203\System.Xml.ni.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x504, Path: 0x 500: \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System. Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5E140 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x536000, Path: 0x504: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x500, Path: \??\C: \Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: System.Xml.INI, Path: 0x500: \Device\HarddiskVolume1\Windows\assembl y\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\shfolder.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\shfolde r.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\shfolder.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x500, Path: \??\C:\W indows\system32\shfolder.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x504, Path: 0x 500: \Device\HarddiskVolume1\Windows\SysWOW64\shfolder.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6CD00 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x5000, Path: 0x504: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: System.Xml.ni.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Wind ows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF.

0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Category, Path: 0x504: \R EGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\F olderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x504: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Folde rDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ParentFolder, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microso ft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7 B8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Description, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsof t\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B 8E7F157091}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: RelativePath, Path: 0x504 : \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explor er\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ParsingName, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsof t\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B 8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: InfoTip, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Wi ndows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F 157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LocalizedName, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micros oft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D557B8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Icon, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windo ws\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157 091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Security, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\W indows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7 F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: StreamResource, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micro soft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55 -7B8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: StreamResourceType, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M icrosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF9D55-7B8E7F157091}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: LocalRedirectOnly, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\e xplorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Roamable, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\W indows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7 F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreCreate, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\

Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E 7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Stream, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Win dows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F1 57091}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: PublishExpandedPath, Path : 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion \explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Attributes, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft \Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8 E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FolderTypeID, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microso ft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7 B8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: InitFolderHandler, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mi crosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9 D55-7B8E7F157091}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x504, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x50 0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK \AppData\Local\Computers and Structures. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK \AppData\Local\Computers and Structures\SafeDefaultFormatFile.fmt. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF.

0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK \AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x0, Param4: 0x1, Param5: 0x400060, OutHandle: 0x3F4F08, Pat h: \??\C:\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F4F08: \Dev ice\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.in i. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F4F08: \Dev ice\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.in i. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0x4, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x508, Path: \Sessions\1 \BaseNamedObjects\Global\NLS_CodePage_1252_3_2_0_0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x87A00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x11000, Path: 0x508: \BaseNa medObjects\NLS_CodePage_1252_3_2_0_0. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4F08: \Device\ HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1E3, Param4: 0x0, Param5: 0x0, Path: 0x3F4F08: \Device\HarddiskV olume1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: INFO: New_NtReadFile reports no more data. Status: 0xC0000011, Param1 : 0x0, Param2: 0x1D, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F4F 08: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\SA FEv12.ini. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4F08. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\lsapiw32.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F4F08, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\lsapiw32.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\lsapiw32.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1E08, Path

: 0x3F4F08: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\lsapiw32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x86B0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xE000, Path: 0x37F1E0 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ lsapiw32.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1E08: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\lsapiw32.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1E08. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4F08. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: lsapiw32.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows N T\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: Returning from method New_GetCommandLineA with: "C:\Program Fil es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F2C88, Path: \?? \C:\Users\MarK\AppData\Local\Computers and Structures\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x82, Param4: 0x1, Param5: 0x0, Name: CSI_SentinelLM.log, Path: 0x3F2C88: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F2C88: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and S tructures\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F2C88, Path: \?? \C:\Users\MarK\AppData\Local\Computers and Structures\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x82, Param4: 0x1, Param5: 0x0, Name: CSI_SentinelLM.log, Path: 0x3F2C88: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F2C88: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and S tructures\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK \AppData\Local\Computers and Structures\CSI_SentinelLM.log. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x

C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F2C88, Path: \?? \C:\Users\MarK\AppData\Local\Computers and Structures\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x82, Param4: 0x1, Param5: 0x0, Name: CSI_SentinelLM.log, Path: 0x3F2C88: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F2C88: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and S tructures\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK \AppData\Local\Computers and Structures\CSI_SentinelLM.log. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x10080, Param2 : 0x7, Param3: 0x204040, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F4FF8, Path: \? ?\C:\Users\MarK\AppData\Local\Computers and Structures\CSI_SentinelLM.log. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x2 3, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8: \Device\H arddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\CSI_SentinelLM. log. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xD, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8: \Device\Hard diskVolume1\Users\MarK\AppData\Local\Computers and Structures\CSI_SentinelLM.log . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x40100080, P aram2: 0x0, Param3: 0x0, Param4: 0x5, Param5: 0x400060, OutHandle: 0x3F4FF8, Pat h: \??\C:\Users\MarK\AppData\Local\Computers and Structures\CSI_SentinelLM.log. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8: \Dev ice\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\CSI_Sentin elLM.log. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8: \Dev ice\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\CSI_Sentin elLM.log. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\tzres.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x514, Path: \??\ C:\Windows\system32\tzres.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P

aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x518, Path: 0x514: \Device\HarddiskVolume1\Windows\SysWOW64\tzres.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x88C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x518: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x518. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32C8EC8, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x88C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\tzres.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x518, Path: \??\ C:\Windows\system32\tzres.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x514, Path: 0x518: \Device\HarddiskVolume1\Windows\SysWOW64\tzres.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x88C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x514: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x518. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32C8EC8, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x88C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\License Manager\ Level.txt. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Level.txt. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0.

0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x514, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x514: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: INFO: New_NtOpenFile reports item not found: Status: 0xC0000034, Path : \??\C:\Windows\system32\UxTheme.dll.Config. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x120089, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x514, Path: \??\C:\W indows\system32\UxTheme.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x514: \Device \HarddiskVolume1\Windows\SysWOW64\uxtheme.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x514: \Device\Har ddiskVolume1\Windows\SysWOW64\uxtheme.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: , A smDir: , ResourceName: Int Resource: 1, AppName: , HMod: 0x74AE0000 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\Assembly StorageRoots. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.Local\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6 975e2bd6f2b2. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x514, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17 514_none_41e6975e2bd6f2b2. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x88C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x518. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\ole32.dll.

0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x518, Path: \??\C:\W indows\system32\ole32.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x514, Path: 0x 518: \Device\HarddiskVolume1\Windows\SysWOW64\ole32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x9A60000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x15C000, Path: 0x514: . 0x0A10: SUCCESS: New_NtAreMappedFilesTheSame succeeded. Status: 0x0, Param1: 0x 76950000, Param2: 0x9A60000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A60000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x518. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x518. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Enable, Path: 0x514: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\ LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x518. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x518. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x51C. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0x4, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x51C, Path: \Sessions\1 \BaseNamedObjects\Local\CTF.AsmListCache.FMPDefault1. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x88C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3000, Path: 0x51C: \Session s\1\BaseNamedObjects\CTF.AsmListCache.FMPDefault1. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x88C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x51C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\

SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x520: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Categ ory\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x520: \REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A5 69205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x520. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x520: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Categ ory\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x520: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Categ ory\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x520: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Categ ory\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x520: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Categ ory\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x520: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Categ ory\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x520: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Categ ory\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x6, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x520: \REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8 F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x520. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2

: 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE \SOFTWARE\Microsoft\CTF\TIP. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x11, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0x51C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x51C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x51C. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x51C, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x51C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Language Hotkey, Path: 0x520: \REGISTRY\USER\S-1-5-21-4048755273-30075549 95-782353158-1001\Keyboard Layout\Toggle. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Hotkey, Path: 0x520: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353 158-1001\Keyboard Layout\Toggle. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Layout Hotkey, Path: 0x520: \REGISTRY\USER\S-1-5-21-4048755273-3007554995 -782353158-1001\Keyboard Layout\Toggle. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x520. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0x4, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x520, Path: \Sessions\1 \BaseNamedObjects\Local\CTF.AsmListCache.FMPDefault1. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x88C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3000, Path: 0x520: \Session s\1\BaseNamedObjects\CTF.AsmListCache.FMPDefault1. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x88C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x520. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF

FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x520. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x520, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x520. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x0, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x51C: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Micr osoft\CTF\DirectSwitchHotkeys. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x51C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EnableAnchorContext, Path: 0x51C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\ Microsoft\CTF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x51C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Fi les (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F5070, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll . 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1E70, P ath: 0x3F5070: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x609C0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6E000, Path: 0x37F1E70: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Inter op.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x92E0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6E000, Path: 0x37F1E 70: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12 \Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x609C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x0, Param1: 0 x1, Param2: 0x1, Param3: 0x2, Param4: 0x0, Param5: 0x0, Path: 0x430: . 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F2C88, Path: \?? \C:\Program Files (x86)\Computers and Structures\SAFE 12\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: Interop.CsiGoLib.INI, Path: 0x3F2C88: \Device\HarddiskVolume1\Progra m Files (x86)\Computers and Structures\SAFE 12\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F50E8, Path: \ ??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F50E8: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Interop.Csi GoLib.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1ED8, P ath: 0x3F50E8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x93500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6A000, Path: 0x37F1ED8: \De vice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Intero p.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9350000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1ED8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F50E8. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F50E8, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll . 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x3F5070: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Inter op.CsiGoLib.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F5070: \Device\HarddiskVolume1\Program Files (x86)\Computers a nd Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x3F50E8: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Inter op.CsiGoLib.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F50E8: \Device\HarddiskVolume1\Program Files (x86)\Computers a nd Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F5160, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1ED8, Path

: 0x3F5160: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x609C0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6E000, Path: 0x37F1ED8: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Inter op.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1ED8: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1ED8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F5160. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F50E8. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Fi les (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F50E8, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1F40, P ath: 0x3F50E8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x620C0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x14000, Path: 0x37F1F40: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Inter op.DAO.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x9350000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x14000, Path: 0x37F1F 40: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12 \Interop.DAO.dll. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x620C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x0, Param1: 0 x1, Param2: 0x1, Param3: 0x2, Param4: 0x0, Param5: 0x0, Path: 0x430: . 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F2C88, Path: \?? \C:\Program Files (x86)\Computers and Structures\SAFE 12\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: Interop.DAO.INI, Path: 0x3F2C88: \Device\HarddiskVolume1\Program Fil es (x86)\Computers and Structures\SAFE 12\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F51D8, Path: \ ??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll.

0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F51D8: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO .dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1FA8, P ath: 0x3F51D8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x93700 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x10000, Path: 0x37F1FA8: \De vice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Intero p.DAO.dll. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9370000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1FA8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F51D8. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F51D8, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x3F50E8: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Inter op.DAO.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F50E8: \Device\HarddiskVolume1\Program Files (x86)\Computers a nd Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x3F51D8: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Inter op.DAO.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F51D8: \Device\HarddiskVolume1\Program Files (x86)\Computers a nd Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F5250, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1FA8, Path : 0x3F5250: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x620C0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x14000, Path: 0x37F1FA8: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Inter

op.DAO.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1FA8: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1FA8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F5250. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F51D8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x16, Param4: 0x0, Param5: 0x0, Name: User Name, Path: 0x538: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Computers and Structures, Inc.\SAFE\12. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x538. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0xE, Param4: 0x0, Param5: 0x0, Name: Company Name, Path: 0x538: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Computers and Structures, Inc.\SAFE\12. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x538. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Serial Number, Path: 0x538: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Comput ers and Structures, Inc.\SAFE\12. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x538. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x7E, Param4: 0x0, Param5: 0x0, Name: Install Path, Path: 0x538 : \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Computers and Structures, Inc.\SAFE\12. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x538. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F51D8, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo.DLL. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\csigo.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F2010, Path : 0x3F51D8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\csigo.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x9E60000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x458000, Path: 0x37F2 010: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 1 2\csigo.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2010: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\csigo.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2010. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F51D8. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x54C, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu

al\SXS\Manifests\csigo.dll_0x06A0B0D14D8FD29438C9931DEFFB6AE0.2.manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\SXS\Manifests\csigo.dll_0x06A0B0D14D8FD29438C993 1DEFFB6AE0.2.manifest. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x93800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x550: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x554, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x554: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x554. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\csigo.dll_0x06A0B0D14D8FD29438C9931DEFFB6AE0.2.ma nifest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device \HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009 .05.01T11.29\Virtual\SXS\Manifests\csigo.dll_0x06A0B0D14D8FD29438C9931DEFFB6AE0. 2.manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\csigo.dll_0x06A0B0D14D8FD29438C9931DEFFB6AE0.2.ma nifest. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9380000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Program Files (x86)\Computers and Structures\SAFE 12\CsiGo.DLL, AsmDir: , Resour ceName: Int Resource: 2, AppName: , HMod: 0x9E60000 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\CsiGo_a.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_a.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F52C8, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_a.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\CsiGo_a.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F2078, Path : 0x3F52C8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\CsiGo_a.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x93A0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x39000, Path: 0x37F20 78: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12 \CsiGo_a.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0.

0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2078: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_a.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2078. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F52C8. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x554, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SXS\Manifests\CsiGo_a.dll_0x4053694B337B53038CADBDE109C7EE25.2.manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x558, Path: 0x5 54: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\SXS\Manifests\CsiGo_a.dll_0x4053694B337B53038CAD BDE109C7EE25.2.manifest. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x93800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x558: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x55C, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x55C: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x55C. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x554: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\CsiGo_a.dll_0x4053694B337B53038CADBDE109C7EE25.2. manifest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x554: \Device \HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009 .05.01T11.29\Virtual\SXS\Manifests\CsiGo_a.dll_0x4053694B337B53038CADBDE109C7EE2 5.2.manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x554: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\CsiGo_a.dll_0x4053694B337B53038CADBDE109C7EE25.2. manifest. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x554. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x558. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9380000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_a.dll, AsmDir: , Reso urceName: Int Resource: 2, AppName: , HMod: 0x93A0000 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\CsiGo_n.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_n.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F5340, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_n.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\csigo_n.dll.

0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F20E0, Path : 0x3F5340: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\csigo_n.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0xA2C0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x2D2000, Path: 0x37F2 0E0: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 1 2\csigo_n.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F20E0: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\csigo_n.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F20E0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F5340. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x55C, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SXS\Manifests\csigo_n.dll_0x64378CCDA5E00ED1AC992FD78137698D.2.manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x560, Path: 0x5 5C: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\SXS\Manifests\csigo_n.dll_0x64378CCDA5E00ED1AC99 2FD78137698D.2.manifest. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x93800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x560: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x564, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x564: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x564. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x55C: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\csigo_n.dll_0x64378CCDA5E00ED1AC992FD78137698D.2. manifest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x55C: \Device \HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009 .05.01T11.29\Virtual\SXS\Manifests\csigo_n.dll_0x64378CCDA5E00ED1AC992FD78137698 D.2.manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x55C: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\csigo_n.dll_0x64378CCDA5E00ED1AC992FD78137698D.2. manifest. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x55C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x560. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9380000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_n.dll, AsmDir: , Reso urceName: Int Resource: 2, AppName: , HMod: 0xA2C0000

0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x560, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SxS\[email protected]\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\SxS\Micros [email protected]\MSVCR80.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x55C, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SxS\[email protected]\MSVCR80.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x564, Path: 0x 55C: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\1 2.1.1.0\2009.05.01T11.29\Virtual\SXS\[email protected]\msvcr80.dl l. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5A270 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x9B000, Path: 0x564: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x564: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x564. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x55C. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\libguide40.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\libguide40.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F53B8, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\libguide40.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\libguide40.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F2148, Path : 0x3F53B8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\libguide40.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x9930000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x64000, Path: 0x37F21 48: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12 \libguide40.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2148: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\libguide40.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\CsiGo_d.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_d.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F5430, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_d.dll.

0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\CsiGo_d.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F21B0, Path : 0x3F5430: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\CsiGo_d.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x9380000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6000, Path: 0x37F21B 0: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ CsiGo_d.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F21B0: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_d.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F21B0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F5430. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x570, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SXS\Manifests\CsiGo_d.dll_0x1A41C3AEE1A7F2780CB1D2A8EEDE9774.2.manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x574, Path: 0x5 70: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\SXS\Manifests\CsiGo_d.dll_0x1A41C3AEE1A7F2780CB1 D2A8EEDE9774.2.manifest. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x99A00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x574: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x578, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x578: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x578. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x570: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\CsiGo_d.dll_0x1A41C3AEE1A7F2780CB1D2A8EEDE9774.2. manifest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x570: \Device \HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009 .05.01T11.29\Virtual\SXS\Manifests\CsiGo_d.dll_0x1A41C3AEE1A7F2780CB1D2A8EEDE977 4.2.manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x570: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\CsiGo_d.dll_0x1A41C3AEE1A7F2780CB1D2A8EEDE9774.2. manifest. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x570. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x574. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x99A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\

Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_d.dll, AsmDir: , Reso urceName: Int Resource: 2, AppName: , HMod: 0x9380000 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x574, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SxS\[email protected]\. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x570, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SxS\[email protected]\. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\CsiGo_b.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_b.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F54A8, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_b.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\CsiGo_b.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F2218, Path : 0x3F54A8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\CsiGo_b.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x99A0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xD000, Path: 0x37F221 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ CsiGo_b.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2218: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_b.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2218. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F54A8. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x580, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SXS\Manifests\CsiGo_b.dll_0xE32E002AA4A681C4C6F52974BB4B1B5D.2.manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x584, Path: 0x5 80: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\SXS\Manifests\CsiGo_b.dll_0xE32E002AA4A681C4C6F5 2974BB4B1B5D.2.manifest. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x99C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x584: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x588, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x588: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x588. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x580: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\CsiGo_b.dll_0xE32E002AA4A681C4C6F52974BB4B1B5D.2.

manifest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x580: \Device \HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009 .05.01T11.29\Virtual\SXS\Manifests\CsiGo_b.dll_0xE32E002AA4A681C4C6F52974BB4B1B5 D.2.manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x580: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\CsiGo_b.dll_0xE32E002AA4A681C4C6F52974BB4B1B5D.2. manifest. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x580. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x584. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x99C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_b.dll, AsmDir: , Reso urceName: Int Resource: 2, AppName: , HMod: 0x99A0000 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x584, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SxS\[email protected]\. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\CsiGo_f.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_f.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F5520, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_f.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\CsiGo_f.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F2280, Path : 0x3F5520: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\CsiGo_f.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x99E0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x49000, Path: 0x37F22 80: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12 \CsiGo_f.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2280: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_f.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F5520. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x58C, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SXS\Manifests\CsiGo_f.dll_0x4079BB2C2CE00EAAA74AC0793D32B77E.2.manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x590, Path: 0x5 8C: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\SXS\Manifests\CsiGo_f.dll_0x4079BB2C2CE00EAAA74A C0793D32B77E.2.manifest.

0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x99C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x590: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x594, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x594: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x594. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x58C: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\CsiGo_f.dll_0x4079BB2C2CE00EAAA74AC0793D32B77E.2. manifest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x58C: \Device \HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009 .05.01T11.29\Virtual\SXS\Manifests\CsiGo_f.dll_0x4079BB2C2CE00EAAA74AC0793D32B77 E.2.manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x58C: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\CsiGo_f.dll_0x4079BB2C2CE00EAAA74AC0793D32B77E.2. manifest. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x58C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x590. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x99C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_f.dll, AsmDir: , Reso urceName: Int Resource: 2, AppName: , HMod: 0x99E0000 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x590, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SxS\[email protected]\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\SxS\Micros [email protected]\MSVCP80.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x58C, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SxS\[email protected]\MSVCP80.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x594, Path: 0x 58C: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\1 2.1.1.0\2009.05.01T11.29\Virtual\SXS\[email protected]\msvcp80.dl l. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x592B0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x87000, Path: 0x594: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x594: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x594. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x58C. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param

2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x58C, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SXS\Manifests\. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2 009.05.01T11.29\Virtual\SXS\Manifests\CsiGo_g.DLL. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9E60000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9390000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x99E0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x592B0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A30000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x590. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x99A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x99D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x584. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x93A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x93E0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x570. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9380000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x99B0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x574. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0xA2C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9930000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5A270000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x560. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x560. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0x4, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x560, Path: \Sessions\1 \BaseNamedObjects\Global\__ComCatalogCache__. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x93800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x560: \BaseNam edObjects\__ComCatalogCache__. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Com+Enabled, Path: 0x564: \REGISTRY\MACHINE\SOFTWARE\Microsoft\COM3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x564. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2:

0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x564, Path: \KnownDlls3 2\CLBCatQ.DLL. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x766C0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x83000, Path: 0x564: \Known Dlls32\clbcatq.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x564: \KnownDlls32\clbcatq. dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x564. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Interop.CsiGoLib.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\W indows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Interop.DAO.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Window s NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MaxSxSHashCount, Path: 0x558: \REGISTRY\MACHINE\SOFTWARE\Microsoft\OLE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x558. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x558. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x558. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x554. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2 009.05.01T11.29\Virtual\SXS\Manifests\CsiGo_g.dll. 0x0A10: WARNING: Call to New_CoGetClassObject failed with hr: 0x8007007E, Clsid BC5F5EEC-6B31-412E-AA4AF747F49A461C, Param1: 0x15, Param2: 0x0, Param3: 0x0. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x0, OutHandle: 0x554, Path: \??\C :\Windows\syswow64\es-ES\KERNELBASE.dll.mui. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x8, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x558, Path: 0x554: \Device\HarddiskVolume1\Windows\SysWOW64\es-ES\KernelBase.dll.mui. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x99200 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xD8000, Path: 0x558: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x558. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 180, Param3: 0x8C, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-2 1-4048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-21-4 048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 188, Param3: 0xD8, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\SOFT WARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServ

er32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\SOFTWAR E\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer3 2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Inproc Server32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 188, Param3: 0xD8, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\SOFT WARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServ er32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\SOFTWAR E\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer3 2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Inproc Server32. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x572. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 180, Param3: 0x8C, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-2 1-4048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-21-4 048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 188, Param3: 0xC8, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\SOFT WARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\SOFTWAR E\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x2E, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 188, Param3: 0xC8, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\SOFT WARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\SOFTWAR E\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x2E, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x572. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0,

Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\diasymreader.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x570, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x 570: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\diasymre ader.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x9E60000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x8D000, Path: 0x550: . 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x570. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x570, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x570: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x570. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x120089, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x570, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x570: \Device \HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x570: \Device\Har ddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x570. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll, AsmDir: , ResourceN ame: Int Resource: 2, AppName: , HMod: 0x9E60000 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\Assembly StorageRoots. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.Local\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x570, Path: \??\C:\W indows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154 e044272b9a. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: diasymreader.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windo ws NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF.

0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.PD B. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F53B8, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Dev ice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\Harddisk Volume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVo lume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVo lume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVo lume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVo lume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVo lume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.pdb. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Windows\symbols\exe\SAFE.pdb. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Windows\exe\SAFE.pdb. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\SAFE.pdb. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 180, Param3: 0x8C, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-2

1-4048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-21-4 048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 188, Param3: 0xD8, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\SOFT WARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServ er32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\SOFTWAR E\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer3 2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Inproc Server32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 188, Param3: 0xD8, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\SOFT WARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServ er32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\SOFTWAR E\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer3 2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Inproc Server32. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x552. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x550, Path: \?? \C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device \HarddiskVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\msco rlib.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll . 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVol ume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll . 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVolum e1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVolum e1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll . 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVolum e1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll . 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVolum e1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.p db. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Windows\symbols\dll\mscorlib.pdb. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Windows\dll\mscorlib.pdb. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\mscorlib.pdb. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 180, Param3: 0x8C, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-2 1-4048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-21-4 048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 188, Param3: 0xD8, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\SOFT WARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServ er32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\SOFTWAR E\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer3 2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Inproc Server32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 188, Param3: 0xD8, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\SOFT WARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServ er32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\SOFTWAR E\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer3 2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Inproc Server32. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x552. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x550, Path: \?? \C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Sys tem.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device \HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c5 61934e089\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e08 9\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVol ume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Sy stem.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e08 9\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVolum e1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Syst em.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e08 9\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVolum e1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Syst em.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e08 9\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVolum e1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Syst em.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e08 9\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVolum e1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Syst em.Windows.Forms.dll. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e 089\System.Windows.Forms.pdb.

0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Windows\symbols\dll\System.Windows.Forms.pdb. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Windows\dll\System.Windows.Forms.pdb. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\System.Windows.Forms.pdb. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Mi crosoft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x550, Path: \??\ C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x54C, Path: 0x5 50: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib. dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x556D0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x45A000, Path: 0x54C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x556D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x550, Path: \??\ C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x54C, Path: 0x5 50: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib. dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x55270 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x45A000, Path: 0x54C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x55270000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Mi crosoft.NET\Framework\v4.0.30319. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x400060, OutHandle: 0x54C, Path: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device \HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.confi g. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device \HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.confi g. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\Har ddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x36F, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\HarddiskVolu me1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: INFO: New_NtReadFile reports no more data. Status: 0xC0000011, Param1 : 0x0, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x54 C: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\mac hine.config. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x

C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe.config. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Fi les (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Visual Basic.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasi c.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Mic rosoft.VisualBasic.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0. 0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5A270 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x9A000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C.

0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5A270000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasi c.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Mic rosoft.VisualBasic.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0. 0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x592A0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x9A000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x592A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c5619 34e089\System.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x60440 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x30E000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x60440000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x

C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c5619 34e089\System.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x60440 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x30E000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x60440000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Fo rms.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms. dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Syst em.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0 .0__b77a5c561934e089\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5F360 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4CE000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5F360000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.

dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Syst em.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0 .0__b77a5c561934e089\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5F360 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4CE000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5F360000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Dra wing.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b0 3f5f7f11d50a3a\System.Drawing.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5FAF0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x9C000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5FAF0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Dra wing.dll.

0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b0 3f5f7f11d50a3a\System.Drawing.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5FAF0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x9C000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5FAF0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime .Remoting.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Rem oting.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\S ystem.Runtime.Remoting.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2. 0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x60920 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4C000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x60920000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Rem oting.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\S ystem.Runtime.Remoting.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5

4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2. 0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5A2C0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4C000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5A2C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Fi les (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0.

0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Mi crosoft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Micros oft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Micros oft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089\Syste m.Windows.Forms.resources.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089\System.Wi ndows.Forms.resources.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089\System.Wi ndows.Forms.resources.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Mi crosoft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x

C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib. dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x556D0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x45A000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x556D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib. dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x55270 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x45A000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x55270000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c 561934e089\System.XML.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x57000 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1F8000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x57000000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll . 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c 561934e089\System.XML.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x55930 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1F8000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x55930000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Fi les (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x

C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Fi les (x86)\Computers and Structures\SAFE 12\Interop.DAO.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x329B280, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: TurnOffSPIAnimations, Path: 0x54C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\W indows\CurrentVersion\Policies\Explorer. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\ole32.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x54C, Path: \??\C:\W indows\system32\ole32.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x 54C: \Device\HarddiskVolume1\Windows\SysWOW64\ole32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0xA0A0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x15C000, Path: 0x550: . 0x0A10: SUCCESS: New_NtAreMappedFilesTheSame succeeded. Status: 0x0, Param1: 0x 76950000, Param2: 0xA0A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0xA0A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0x4, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x54C, Path: \Sessions\1 \BaseNamedObjects\Global\__ComCatalogCache__. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x93B00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x54C: \BaseNam

edObjects\__ComCatalogCache__. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x584. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x584. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x584. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: WARNING: Call to New_CoCreateInstanceEx failed with hr: 0x80040154, Clsi d FA445657-9379-11D6-B41A00065B83EE53, Param1: 0x1, Param2: 0x1, Param3: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x1174: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x1, Param1: 0 x2, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1D0: \KernelObje cts\LowMemoryCondition. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x00AC: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x102, Param1: 0x1, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x25C: . 0x00AC: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x102, Param1: 0x1, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x25C: . 0x00AC: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x260. 0x00AC: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x25C. 0x00AC: INFO: Thread terminating.. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x6, Param1: 0 x1C, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x1B, Param1: 0x1C, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0C44: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0C44: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0C44: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x320. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x329B280, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F2C88, Path: \?? \C:\Users\MarK\AppData\Local\Computers and Structures\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x74, Param4: 0x1, Param5: 0x0, Name: SAFEv12.ini, Path:

0x3F2C88: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structu res\. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F2C88: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and S tructures\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK \AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x10080, Param2 : 0x7, Param3: 0x204040, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F53B8, Path: \? ?\C:\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x2 3, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\H arddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xD, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\Hard diskVolume1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x40100080, P aram2: 0x0, Param3: 0x0, Param4: 0x5, Param5: 0x400060, OutHandle: 0x3F53B8, Pat h: \??\C:\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Dev ice\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.in i. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Dev ice\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.in i. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x9, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x57, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xE, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum

e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x11, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xE, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xE, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xB, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xA, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x11, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x10, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x10, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x10, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu

me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x10, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x6, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xE, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xB, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x12, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x14, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x11, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xA, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum

e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xE, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x12, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xD, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x9, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x102, Param1: 0x1, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1FC: . 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x102, Param1: 0x1, Param2: 0x1, Param3: 0x2, Param4: 0x0, Param5: 0x0, Path: 0x178: . 0x1174: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x1, Param1: 0 x2, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1D0: \KernelObje cts\LowMemoryCondition. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x1, Param1: 0 x2, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x178: . 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x102, Param1: 0x1, Param2: 0x1, Param3: 0x2, Param4: 0x0, Param5: 0x0, Path: 0x178: . 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x1, Param1: 0 x2, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x178: . 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x102, Param1: 0x1, Param2: 0x1, Param3: 0x2, Param4: 0x0, Param5: 0x0, Path: 0x178: . 0x1174: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x1174: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x508. 0x1174: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x87A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x1174: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x03AC: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x2, OutHandle: 0x458,

Path: 0xFFFFFFFE: . 0x03AC: INFO: New_NtClose given invalid handle: Handle: 0x0. 0x03AC: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0xA19FDC4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x03AC: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0xA19FDD0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x03AC: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0xA0A1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x03AC: INFO: New_NtOpenFile reports item not found: Status: 0xC0000034, Path : \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.4 344.1707477. 0x03AC: INFO: New_NtOpenFile reports item not found: Status: 0xC0000034, Path : \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config. cch.4344.1707477. 0x03AC: INFO: New_NtOpenFile reports item not found: Status: 0xC000003A, Path : \??\C:\Users\MarK\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 \security.config.cch.4344.1707477. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x0, Param1: 0 x2, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x178: . 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x420, Path: \KnownDlls3 2\psapi.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x76AC0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x5000, Path: 0x420: \KnownD lls32\PSAPI.DLL. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: \KnownDlls32\PSAPI.DL L. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\Des ktop\SAFE 12.0.1 Portable.exe. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x420, Path: \??\ C:\Users\MarK\Desktop\SAFE 12.0.1 Portable.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x25C, Path: 0x4 20: \Device\HarddiskVolume1\Users\MarK\Desktop\SAFE 12.0.1 Portable.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0xA1A0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x11D3000, Path: 0x25C : . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x25C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0xA1A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\Des ktop\SAFE 12.0.1 Portable.exe. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x420, Path: \??\ C:\Users\MarK\Desktop\SAFE 12.0.1 Portable.exe.

0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x25C, Path: 0x4 20: \Device\HarddiskVolume1\Users\MarK\Desktop\SAFE 12.0.1 Portable.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0xA1A0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x11D3000, Path: 0x25C : . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x25C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0xA1A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtTerminateProcess succeeded. Status: 0x0, Param1: 0x0, Pa ram2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x564. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x93B0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x414. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x274. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0402, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270: \Device\K secDD. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x26C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x61E8C000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1AC. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x164. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x16C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x518. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x50. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x38. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x108. 0x0A10: INFO: New_NtClose given invalid handle: Handle: 0x0. 0x0A10: INFO: New_NtClose given invalid handle: Handle: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x100. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x1, Param1: 0 x2, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xF0: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xF4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xF0. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x1, Param1: 0 x2, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xF8: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xF8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xEC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xE8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xD8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xDC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xD4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xD0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xCC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xC8. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0xC8, Path: \??\C:\ Windows\System\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: wing.dll, Path: 0xC8: \Device\HarddiskVolume1\Windows\system. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xC8. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0xC8, Path: \??\C:\ Windows\System32\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: wing.dll, Path: 0xC8: \Device\HarddiskVolume1\Windows\SysWOW64. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xC8. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0xC8, Path: \??\C:\ Windows\System\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: wing32.dll, Path: 0xC8: \Device\HarddiskVolume1\Windows\system. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xC8. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0xC8, Path: \??\C:\ Windows\System32\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: wing32.dll, Path: 0xC8: \Device\HarddiskVolume1\Windows\SysWOW64. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xC8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xB0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xB4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xAC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xA8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xA0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xA4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x9C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x80. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x78. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x6C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x70. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x74. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x7C. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x1CC0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1CC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x68. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x64. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x64, Path: \Registry\Ma chine\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DisableMetaFiles, Path: 0x64: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Window s NT\CurrentVersion\GRE_Initialize. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x64. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,

Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x40. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x24. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x310. 0x0A10: ERROR: 0xD0000034, In call: VMAPICALL(VmCreateKey( &hRegRoot, VM_NULL_PA RENT, sRegSandboxCache, KEY_ALL_ACCESS, VM_OPEN_EXISTING))

SOLT33-08P-16P Configuration Manual
No ratings yet
SOLT33-08P-16P Configuration Manual
11 pages
Apps Global S
100% (2)
Apps Global S
108 pages
Some Tutorials in Computer Networking Hacking
From Everand
Some Tutorials in Computer Networking Hacking
Dr. Hidaia Mahmood Alassouli
No ratings yet
RFA Bugreport
No ratings yet
RFA Bugreport
27 pages
Bug Report
No ratings yet
Bug Report
31 pages
Bug Report
No ratings yet
Bug Report
7 pages
NeatoToolio Bugreport
No ratings yet
NeatoToolio Bugreport
15 pages
Handle
No ratings yet
Handle
24 pages
UsbFix Report
No ratings yet
UsbFix Report
6 pages
Combo Fix
No ratings yet
Combo Fix
4 pages
MBRCheck 04.12.12 16.30.06
No ratings yet
MBRCheck 04.12.12 16.30.06
4 pages
Repair Windows Updates
No ratings yet
Repair Windows Updates
4 pages
Bug Report
No ratings yet
Bug Report
7 pages
WARNING (3) : Can't Get Process 0x14e4 Status
No ratings yet
WARNING (3) : Can't Get Process 0x14e4 Status
210 pages
summary
No ratings yet
summary
287 pages
Bug Report
No ratings yet
Bug Report
6 pages
At Destroyer
No ratings yet
At Destroyer
6 pages
USER 20211027180836 ScrubLog
No ratings yet
USER 20211027180836 ScrubLog
10 pages
Bug Report
No ratings yet
Bug Report
8 pages
Ap 7
No ratings yet
Ap 7
28 pages
Master Seeker Log
No ratings yet
Master Seeker Log
3 pages
Info
No ratings yet
Info
57 pages
Handle All
No ratings yet
Handle All
90 pages
Rkill
No ratings yet
Rkill
4 pages
SDFGG DFG FGFG
No ratings yet
SDFGG DFG FGFG
47 pages
Bug Report 21
No ratings yet
Bug Report 21
5 pages
Prev
No ratings yet
Prev
1,047 pages
DD vcredistUI40D9
No ratings yet
DD vcredistUI40D9
4 pages
TDSSKiller.3.1.0.12 22.02.2017 22.44.03 Log
No ratings yet
TDSSKiller.3.1.0.12 22.02.2017 22.44.03 Log
79 pages
Bug Report
No ratings yet
Bug Report
7 pages
Windows Repair Hkey Local Machine 4 Log
No ratings yet
Windows Repair Hkey Local Machine 4 Log
30 pages
TDSSKiller.3.1.0.28 20.12.2023 06.35.00 Log
No ratings yet
TDSSKiller.3.1.0.28 20.12.2023 06.35.00 Log
32 pages
UsbFix Report
No ratings yet
UsbFix Report
6 pages
TDSSKiller.2.8.16.0 27.07.2013 20.25.47 Log
No ratings yet
TDSSKiller.2.8.16.0 27.07.2013 20.25.47 Log
23 pages
Bug Report
No ratings yet
Bug Report
11 pages
UsbFix Report
No ratings yet
UsbFix Report
3 pages
UsbFix Report
No ratings yet
UsbFix Report
9 pages
HPSA Setup 20230530-091516
No ratings yet
HPSA Setup 20230530-091516
3 pages
bugreport
No ratings yet
bugreport
10 pages
UsbFix Report
No ratings yet
UsbFix Report
194 pages
PC Diagnosis
No ratings yet
PC Diagnosis
9 pages
K Hubp
No ratings yet
K Hubp
9 pages
ZHP Diag
No ratings yet
ZHP Diag
41 pages
Bugreport
No ratings yet
Bugreport
34 pages
At Destroyer
No ratings yet
At Destroyer
5 pages
Software Rip
No ratings yet
Software Rip
1,320 pages
Dog Wif Tools
No ratings yet
Dog Wif Tools
202 pages
Bug Report
No ratings yet
Bug Report
9 pages
UsbFix Report
No ratings yet
UsbFix Report
4 pages
TDSSKiller.3.1.0.15 16.05.2017 13.00.29 Log
No ratings yet
TDSSKiller.3.1.0.15 16.05.2017 13.00.29 Log
16 pages
Clasic Shell
No ratings yet
Clasic Shell
18 pages
HEU25_Debug
No ratings yet
HEU25_Debug
26 pages
Info
No ratings yet
Info
54 pages
Bug Report
No ratings yet
Bug Report
11 pages
NR Policy
No ratings yet
NR Policy
17 pages
SS Guide _ by Specially
No ratings yet
SS Guide _ by Specially
11 pages
TDSSKiller.3.1.0.28 14.03.2023 21.00.07 Log
No ratings yet
TDSSKiller.3.1.0.28 14.03.2023 21.00.07 Log
56 pages
SMenu
No ratings yet
SMenu
5 pages
VBox Hardening
No ratings yet
VBox Hardening
97 pages
Master Seeker Log
No ratings yet
Master Seeker Log
1,219 pages
Protecting Confidential Information: How to Securely Store Sensitive Data
From Everand
Protecting Confidential Information: How to Securely Store Sensitive Data
Slava Gomzin
No ratings yet
Links: Joe Satriani Satch Interview Steve Vai Favored Nations Al Di Meola Gary Hoey Gary Moore
No ratings yet
Links: Joe Satriani Satch Interview Steve Vai Favored Nations Al Di Meola Gary Hoey Gary Moore
1 page
BEEIE - Unit 4 & 5 Question Bank
No ratings yet
BEEIE - Unit 4 & 5 Question Bank
7 pages
Red Hat Enterprise Linux
No ratings yet
Red Hat Enterprise Linux
67 pages
3Odvpd7Hohylvlrq 3Odvpd7Hohylvlrq: 3'30RGHO!
No ratings yet
3Odvpd7Hohylvlrq 3Odvpd7Hohylvlrq: 3'30RGHO!
19 pages
Unity 2D Tutorial: Reid Perkins-Buzo! DIG 4905 VG&S
No ratings yet
Unity 2D Tutorial: Reid Perkins-Buzo! DIG 4905 VG&S
23 pages
b5 Epi PCM Ds T811085en D
No ratings yet
b5 Epi PCM Ds T811085en D
4 pages
CH02
No ratings yet
CH02
53 pages
Lab 4.1 - SDWAN - Edge - Qty3 - PO - Utah
No ratings yet
Lab 4.1 - SDWAN - Edge - Qty3 - PO - Utah
15 pages
OOSPLP-Object Oriented Methodology MCQ 110-By DR Pradhan PL TGPCET NAGPUR
No ratings yet
OOSPLP-Object Oriented Methodology MCQ 110-By DR Pradhan PL TGPCET NAGPUR
22 pages
CA7 33 Messages
No ratings yet
CA7 33 Messages
634 pages
std9 ch1
No ratings yet
std9 ch1
7 pages
Amulya DataStag Resume
No ratings yet
Amulya DataStag Resume
4 pages
OneScreen_Touchscreen_for_Education_T7_65_Spec_Sheet (1)
No ratings yet
OneScreen_Touchscreen_for_Education_T7_65_Spec_Sheet (1)
2 pages
RVTools
No ratings yet
RVTools
124 pages
Project Report Format
No ratings yet
Project Report Format
6 pages
Future Trends in Internet Technologies
No ratings yet
Future Trends in Internet Technologies
5 pages
Chapter 3 Programming 2
No ratings yet
Chapter 3 Programming 2
12 pages
Raspberry Pi - Hardware History - ELinux
No ratings yet
Raspberry Pi - Hardware History - ELinux
11 pages
TeamViewer Backup Factsheet EMEA en
No ratings yet
TeamViewer Backup Factsheet EMEA en
4 pages
Period Start Time BSC Name: RTCH - Attempts RTCH Assignment Fail Rate2
No ratings yet
Period Start Time BSC Name: RTCH - Attempts RTCH Assignment Fail Rate2
73 pages
IMaster MAE V100R023C10SPC150 Upgrade Expert Operation Guide (Virtual Cluster Remote Cold Backup System, TaiShan)
No ratings yet
IMaster MAE V100R023C10SPC150 Upgrade Expert Operation Guide (Virtual Cluster Remote Cold Backup System, TaiShan)
101 pages
CSC
No ratings yet
CSC
26 pages
Lecture Notes DBM S
No ratings yet
Lecture Notes DBM S
11 pages
Configuring Satelline Radios in Leica Viva GNSS: 1. Overview of Satelline Compatibility and Radio Protocols
100% (1)
Configuring Satelline Radios in Leica Viva GNSS: 1. Overview of Satelline Compatibility and Radio Protocols
3 pages
UP LAB Programs
No ratings yet
UP LAB Programs
5 pages
202206-ECCOMAS-Oslo-Article
No ratings yet
202206-ECCOMAS-Oslo-Article
12 pages
0301 Nomani
No ratings yet
0301 Nomani
65 pages
System Information - Report Page
No ratings yet
System Information - Report Page
85 pages
PonyProg Documentation
No ratings yet
PonyProg Documentation
19 pages

Uploaded by

Uploaded by

0x0A10: INFO: Start of diagnostic log for process with command line: "C:\User s\MarK\Desktop\SAFE 12.0.1 Portable.

You might also like