Some shellcode and malwares uses CreateThread to download, upload....
And they call WaitForXXXObject to wait until those threads run and finished.
The Python emulation WaitForXXX code return successed immediately, so those threads will not be emulated.
Can you wait and emulate all threads those malware/shellcode created.
Thanks