{
  "statistics": {
    "processing": [
      {
        "name": "CAPE",
        "time": 1.155
      },
      {
        "name": "AnalysisInfo",
        "time": 0.015
      },
      {
        "name": "BehaviorAnalysis",
        "time": 0.011
      },
      {
        "name": "Debug",
        "time": 0.001
      },
      {
        "name": "NetworkAnalysis",
        "time": 4.903
      },
      {
        "name": "Suricata",
        "time": 6.788
      },
      {
        "name": "UrlAnalysis",
        "time": 0.0
      },
      {
        "name": "script_log_processing",
        "time": 0.0
      },
      {
        "name": "ProcessMemory",
        "time": 0.0
      }
    ],
    "signatures": [
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "stealth_network",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_blocklist",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_hvcidisallowedimages",
        "time": 0.0
      },
      {
        "name": "disable_hypervisor_protected_code_integrity",
        "time": 0.0
      },
      {
        "name": "pendingfilerenameoperations_Operations",
        "time": 0.0
      },
      {
        "name": "anomalous_deletefile",
        "time": 0.0
      },
      {
        "name": "antiav_360_libs",
        "time": 0.0
      },
      {
        "name": "antiav_ahnlab_libs",
        "time": 0.0
      },
      {
        "name": "antiav_avast_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bitdefender_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bullguard_libs",
        "time": 0.0
      },
      {
        "name": "antiav_emsisoft_libs",
        "time": 0.0
      },
      {
        "name": "antiav_qurb_libs",
        "time": 0.0
      },
      {
        "name": "antiav_servicestop",
        "time": 0.0
      },
      {
        "name": "antiav_apioverride_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_guardpages",
        "time": 0.0
      },
      {
        "name": "antiav_nthookengine_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_outputdebugstring",
        "time": 0.0
      },
      {
        "name": "antidebug_windows",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoo",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoocrash",
        "time": 0.0
      },
      {
        "name": "antisandbox_foregroundwindows",
        "time": 0.0
      },
      {
        "name": "mouse_movement_detect",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_script_timer",
        "time": 0.0
      },
      {
        "name": "antisandbox_sleep",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_unhook",
        "time": 0.0
      },
      {
        "name": "antivm_directory_objects",
        "time": 0.0
      },
      {
        "name": "antivm_display",
        "time": 0.0
      },
      {
        "name": "antivm_generic_disk",
        "time": 0.0
      },
      {
        "name": "antivm_generic_system",
        "time": 0.0
      },
      {
        "name": "antivm_checks_available_memory",
        "time": 0.0
      },
      {
        "name": "detect_virtualization_via_recent_files",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_libs",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_events",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_libs",
        "time": 0.0
      },
      {
        "name": "antivm_wmi",
        "time": 0.0
      },
      {
        "name": "api_spamming",
        "time": 0.0
      },
      {
        "name": "api_uuidfromstringa",
        "time": 0.0
      },
      {
        "name": "bcdedit_command",
        "time": 0.0
      },
      {
        "name": "bootkit",
        "time": 0.0
      },
      {
        "name": "direct_hdd_access",
        "time": 0.0
      },
      {
        "name": "physical_drive_access",
        "time": 0.0
      },
      {
        "name": "potential_overwrite_mbr",
        "time": 0.0
      },
      {
        "name": "read_file_raw_disk_access",
        "time": 0.0
      },
      {
        "name": "suspicious_iocontrol_codes",
        "time": 0.0
      },
      {
        "name": "browser_needed",
        "time": 0.0
      },
      {
        "name": "regsvr32_squiblydoo_dll_load",
        "time": 0.0
      },
      {
        "name": "uac_bypass_cmstp",
        "time": 0.0
      },
      {
        "name": "uac_bypass_eventvwr",
        "time": 0.0
      },
      {
        "name": "uac_bypass_windows_Backup",
        "time": 0.0
      },
      {
        "name": "dotnet_code_compile",
        "time": 0.0
      },
      {
        "name": "queries_computer_name",
        "time": 0.0
      },
      {
        "name": "queries_user_name",
        "time": 0.0
      },
      {
        "name": "creates_largekey",
        "time": 0.0
      },
      {
        "name": "creates_nullvalue",
        "time": 0.0
      },
      {
        "name": "access_windows_passwords_vault",
        "time": 0.0
      },
      {
        "name": "lsass_credential_dumping",
        "time": 0.0
      },
      {
        "name": "critical_process",
        "time": 0.0
      },
      {
        "name": "cryptopool_domains",
        "time": 0.0
      },
      {
        "name": "dead_connect",
        "time": 0.0
      },
      {
        "name": "dead_link",
        "time": 0.0
      },
      {
        "name": "decoy_document",
        "time": 0.0
      },
      {
        "name": "decoy_image",
        "time": 0.0
      },
      {
        "name": "deletes_consolehost_history",
        "time": 0.0
      },
      {
        "name": "dep_bypass",
        "time": 0.0
      },
      {
        "name": "dep_disable",
        "time": 0.0
      },
      {
        "name": "disables_wfp",
        "time": 0.0
      },
      {
        "name": "add_windows_defender_exclusions",
        "time": 0.0
      },
      {
        "name": "mountpoints_volume_discovery",
        "time": 0.0
      },
      {
        "name": "dll_load_uncommon_file_types",
        "time": 0.0
      },
      {
        "name": "document_script_exe_drop",
        "time": 0.0
      },
      {
        "name": "guloader_apis",
        "time": 0.0
      },
      {
        "name": "driver_load",
        "time": 0.0
      },
      {
        "name": "dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "encrypted_ioc",
        "time": 0.0
      },
      {
        "name": "exec_crash",
        "time": 0.0
      },
      {
        "name": "process_creation_suspicious_location",
        "time": 0.0
      },
      {
        "name": "exploit_getbasekerneladdress",
        "time": 0.0
      },
      {
        "name": "exploit_gethaldispatchtable",
        "time": 0.0
      },
      {
        "name": "exploit_heapspray",
        "time": 0.0
      },
      {
        "name": "koadic_apis",
        "time": 0.0
      },
      {
        "name": "koadic_network_activity",
        "time": 0.0
      },
      {
        "name": "downloads_from_filehosting",
        "time": 0.0
      },
      {
        "name": "generic_phish",
        "time": 0.0
      },
      {
        "name": "http_request",
        "time": 0.0
      },
      {
        "name": "infostealer_browser",
        "time": 0.0
      },
      {
        "name": "infostealer_browser_password",
        "time": 0.0
      },
      {
        "name": "infostealer_cookies",
        "time": 0.0
      },
      {
        "name": "cryptbot_network",
        "time": 0.0
      },
      {
        "name": "purplewave_network_activity",
        "time": 0.0
      },
      {
        "name": "quilclipper_behavior",
        "time": 0.0
      },
      {
        "name": "raccoon_behavior",
        "time": 0.0
      },
      {
        "name": "captures_screenshot",
        "time": 0.0
      },
      {
        "name": "vidar_behavior",
        "time": 0.0
      },
      {
        "name": "injection_createremotethread",
        "time": 0.0
      },
      {
        "name": "creates_suspended_process",
        "time": 0.0
      },
      {
        "name": "injection_explorer",
        "time": 0.0
      },
      {
        "name": "injection_network_traffic",
        "time": 0.0
      },
      {
        "name": "injection_runpe",
        "time": 0.0
      },
      {
        "name": "injection_rwx",
        "time": 0.0
      },
      {
        "name": "injection_themeinitapihook",
        "time": 0.0
      },
      {
        "name": "resumethread_remote_process",
        "time": 0.0
      },
      {
        "name": "injection_write_exe_process",
        "time": 0.0
      },
      {
        "name": "injection_write_process",
        "time": 0.0
      },
      {
        "name": "internet_dropper",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_named_pipe",
        "time": 0.0
      },
      {
        "name": "ipc_namedpipe",
        "time": 0.0
      },
      {
        "name": "js_phish",
        "time": 0.0
      },
      {
        "name": "js_suspicious_redirect",
        "time": 0.0
      },
      {
        "name": "loader_alien",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_internet_explorer_exporter",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_run_exe_helper_utility",
        "time": 0.0
      },
      {
        "name": "execute_ps_via_syncappvpublishingserver",
        "time": 0.0
      },
      {
        "name": "malicious_dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "encrypt_pcinfo",
        "time": 0.0
      },
      {
        "name": "encrypt_data_agenttesla_http",
        "time": 0.0
      },
      {
        "name": "encrypt_data_agentteslat2_http",
        "time": 0.0
      },
      {
        "name": "encrypt_data_nanocore",
        "time": 0.0
      },
      {
        "name": "reads_memory_remote_process",
        "time": 0.0
      },
      {
        "name": "mimics_filetime",
        "time": 0.0
      },
      {
        "name": "amsi_bypass_via_com_registry",
        "time": 0.0
      },
      {
        "name": "access_auto_logons_via_registry",
        "time": 0.0
      },
      {
        "name": "access_boot_key_via_registry",
        "time": 0.0
      },
      {
        "name": "create_suspicious_lnk_files",
        "time": 0.0
      },
      {
        "name": "credential_access_via_windows_credential_history",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_microsoft_exchange",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_waas_medic_svc_com_typelib",
        "time": 0.0
      },
      {
        "name": "execute_file_downloaded_via_openssh",
        "time": 0.0
      },
      {
        "name": "execute_safe_mode_from_suspicious_process",
        "time": 0.0
      },
      {
        "name": "execute_scripts_via_microsoft_management_console",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_processes_via_windows_mssql_service",
        "time": 0.0
      },
      {
        "name": "execution_from_self_extracting_archive",
        "time": 0.0
      },
      {
        "name": "ip_address_discovery_via_trusted_program",
        "time": 0.0
      },
      {
        "name": "load_dll_via_control_panel",
        "time": 0.0
      },
      {
        "name": "network_connection_via_suspicious_process",
        "time": 0.0
      },
      {
        "name": "potential_location_discovery_via_unusual_process",
        "time": 0.0
      },
      {
        "name": "store_executable_registry",
        "time": 0.0
      },
      {
        "name": "Suspicious_Execution_Via_MicrosoftExchangeTransportAgent",
        "time": 0.0
      },
      {
        "name": "suspicious_java_execution_via_win_scripts",
        "time": 0.0
      },
      {
        "name": "Suspicious_Scheduled_Task_Creation_Via_Masqueraded_XML_File",
        "time": 0.0
      },
      {
        "name": "uses_restart_manager_for_suspicious_activities",
        "time": 0.0
      },
      {
        "name": "modify_desktop_wallpaper",
        "time": 0.0
      },
      {
        "name": "move_file_on_reboot",
        "time": 0.0
      },
      {
        "name": "multiple_useragents",
        "time": 0.0
      },
      {
        "name": "network_anomaly",
        "time": 0.0
      },
      {
        "name": "network_bind",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_archive",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_free_webhosting",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_generic",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_interactsh",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_opensource",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_pastesite",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_payload",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_serviceinterface",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_socialmedia",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_telegram",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_tempstorage",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_urlshortener",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_useragent",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_exfil",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_generic",
        "time": 0.0
      },
      {
        "name": "network_dns_idn",
        "time": 0.0
      },
      {
        "name": "network_dns_suspicious_querytype",
        "time": 0.0
      },
      {
        "name": "network_dns_tunneling_request",
        "time": 0.0
      },
      {
        "name": "network_document_http",
        "time": 0.0
      },
      {
        "name": "explorer_http",
        "time": 0.0
      },
      {
        "name": "network_fake_useragent",
        "time": 0.0
      },
      {
        "name": "legitimate_domain_abuse",
        "time": 0.0
      },
      {
        "name": "suspicious_communication_trusted_site",
        "time": 0.0
      },
      {
        "name": "network_tor",
        "time": 0.0
      },
      {
        "name": "office_com_load",
        "time": 0.0
      },
      {
        "name": "office_dotnet_load",
        "time": 0.0
      },
      {
        "name": "office_mshtml_load",
        "time": 0.0
      },
      {
        "name": "office_vb_load",
        "time": 0.0
      },
      {
        "name": "office_wmi_load",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882_network",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444_m2",
        "time": 0.0
      },
      {
        "name": "office_flash_load",
        "time": 0.0
      },
      {
        "name": "office_postscript",
        "time": 0.0
      },
      {
        "name": "office_suspicious_processes",
        "time": 0.0
      },
      {
        "name": "office_write_exe",
        "time": 0.0
      },
      {
        "name": "persistence_via_autodial_dll_registry",
        "time": 0.0
      },
      {
        "name": "persistence_autorun",
        "time": 0.0
      },
      {
        "name": "persistence_autorun_tasks",
        "time": 0.0
      },
      {
        "name": "persistence_bootexecute",
        "time": 0.0
      },
      {
        "name": "persistence_registry_script",
        "time": 0.0
      },
      {
        "name": "powershell_network_connection",
        "time": 0.0
      },
      {
        "name": "powershell_download",
        "time": 0.0
      },
      {
        "name": "powershell_request",
        "time": 0.0
      },
      {
        "name": "createtoolhelp32snapshot_module_enumeration",
        "time": 0.0
      },
      {
        "name": "enumerates_running_processes",
        "time": 0.0
      },
      {
        "name": "process_interest",
        "time": 0.0
      },
      {
        "name": "process_needed",
        "time": 0.0
      },
      {
        "name": "mass_data_encryption",
        "time": 0.0
      },
      {
        "name": "ransomware_file_modifications",
        "time": 0.0
      },
      {
        "name": "ransomware_message",
        "time": 0.0
      },
      {
        "name": "nemty_network_activity",
        "time": 0.0
      },
      {
        "name": "nemty_note",
        "time": 0.0
      },
      {
        "name": "sodinokibi_behavior",
        "time": 0.0
      },
      {
        "name": "stop_ransomware_registry",
        "time": 0.0
      },
      {
        "name": "blackrat_apis",
        "time": 0.0
      },
      {
        "name": "blackrat_network_activity",
        "time": 0.0
      },
      {
        "name": "blackrat_registry_keys",
        "time": 0.0
      },
      {
        "name": "dcrat_behavior",
        "time": 0.0
      },
      {
        "name": "karagany_system_event_objects",
        "time": 0.0
      },
      {
        "name": "rat_luminosity",
        "time": 0.0
      },
      {
        "name": "rat_nanocore",
        "time": 0.0
      },
      {
        "name": "netwire_behavior",
        "time": 0.0
      },
      {
        "name": "obliquerat_network_activity",
        "time": 0.0
      },
      {
        "name": "orcusrat_behavior",
        "time": 0.0
      },
      {
        "name": "trochilusrat_apis",
        "time": 0.0
      },
      {
        "name": "reads_self",
        "time": 0.0
      },
      {
        "name": "recon_beacon",
        "time": 0.0
      },
      {
        "name": "recon_programs",
        "time": 0.0
      },
      {
        "name": "recon_systeminfo",
        "time": 0.0
      },
      {
        "name": "accesses_recyclebin",
        "time": 0.0
      },
      {
        "name": "remcos_shell_code_dynamic_wrapper_x",
        "time": 0.0
      },
      {
        "name": "script_created_process",
        "time": 0.0
      },
      {
        "name": "script_network_activity",
        "time": 0.0
      },
      {
        "name": "suspicious_js_script",
        "time": 0.0
      },
      {
        "name": "javascript_timer",
        "time": 0.0
      },
      {
        "name": "secure_login_phishing",
        "time": 0.0
      },
      {
        "name": "securityxploded_modules",
        "time": 0.0
      },
      {
        "name": "get_clipboard_data",
        "time": 0.0
      },
      {
        "name": "sets_autoconfig_url",
        "time": 0.0
      },
      {
        "name": "spoofs_procname",
        "time": 0.0
      },
      {
        "name": "stack_pivot",
        "time": 0.0
      },
      {
        "name": "stack_pivot_file_created",
        "time": 0.0
      },
      {
        "name": "stack_pivot_process_create",
        "time": 0.0
      },
      {
        "name": "set_clipboard_data",
        "time": 0.0
      },
      {
        "name": "stealth_childproc",
        "time": 0.0
      },
      {
        "name": "stealth_file",
        "time": 0.0
      },
      {
        "name": "stealth_timeout",
        "time": 0.0
      },
      {
        "name": "stealth_window",
        "time": 0.0
      },
      {
        "name": "queries_keyboard_layout",
        "time": 0.0
      },
      {
        "name": "queries_locale_api",
        "time": 0.0
      },
      {
        "name": "terminates_remote_process",
        "time": 0.0
      },
      {
        "name": "uiautomationcore_load",
        "time": 0.0
      },
      {
        "name": "user_enum",
        "time": 0.0
      },
      {
        "name": "mmc_dll_script_load",
        "time": 0.0
      },
      {
        "name": "mmc_dotnet_load",
        "time": 0.0
      },
      {
        "name": "virus",
        "time": 0.0
      },
      {
        "name": "neshta_files",
        "time": 0.0
      },
      {
        "name": "neshta_regkeys",
        "time": 0.0
      },
      {
        "name": "webmail_phish",
        "time": 0.0
      },
      {
        "name": "persists_dev_util",
        "time": 0.0
      },
      {
        "name": "spawns_dev_util",
        "time": 0.0
      },
      {
        "name": "alters_windows_utility",
        "time": 0.0
      },
      {
        "name": "overwrites_accessibility_utility",
        "time": 0.0
      },
      {
        "name": "Potential_Lateral_Movement_Via_SMBEXEC",
        "time": 0.0
      },
      {
        "name": "potential_WebShell_Via_ScreenConnectServer",
        "time": 0.0
      },
      {
        "name": "uses_Microsoft_HTML_Help_Executable",
        "time": 0.0
      },
      {
        "name": "wiper_zeroedbytes",
        "time": 0.0
      },
      {
        "name": "wmi_create_process",
        "time": 0.0
      },
      {
        "name": "wmi_script_process",
        "time": 0.0
      },
      {
        "name": "antianalysis_tls_section",
        "time": 0.0
      },
      {
        "name": "antivirus_clamav",
        "time": 0.0
      },
      {
        "name": "antivirus_virustotal",
        "time": 0.0
      },
      {
        "name": "bad_certs",
        "time": 0.0
      },
      {
        "name": "bad_ssl_certs",
        "time": 0.0
      },
      {
        "name": "banker_zeus_p2p",
        "time": 0.0
      },
      {
        "name": "banker_zeus_url",
        "time": 0.0
      },
      {
        "name": "binary_yara",
        "time": 0.0
      },
      {
        "name": "bot_athenahttp",
        "time": 0.0
      },
      {
        "name": "bot_dirtjumper",
        "time": 0.0
      },
      {
        "name": "bot_drive",
        "time": 0.0
      },
      {
        "name": "bot_drive2",
        "time": 0.0
      },
      {
        "name": "bot_madness",
        "time": 0.0
      },
      {
        "name": "phishing_kit_detected",
        "time": 0.0
      },
      {
        "name": "family_proxyback",
        "time": 0.0
      },
      {
        "name": "flare_capa_antianalysis",
        "time": 0.0
      },
      {
        "name": "flare_capa_collection",
        "time": 0.0
      },
      {
        "name": "flare_capa_communication",
        "time": 0.0
      },
      {
        "name": "flare_capa_compiler",
        "time": 0.0
      },
      {
        "name": "flare_capa_datamanipulation",
        "time": 0.0
      },
      {
        "name": "flare_capa_executable",
        "time": 0.0
      },
      {
        "name": "flare_capa_hostinteraction",
        "time": 0.0
      },
      {
        "name": "flare_capa_impact",
        "time": 0.0
      },
      {
        "name": "flare_capa_lib",
        "time": 0.0
      },
      {
        "name": "flare_capa_linking",
        "time": 0.0
      },
      {
        "name": "flare_capa_loadcode",
        "time": 0.0
      },
      {
        "name": "flare_capa_malwarefamily",
        "time": 0.0
      },
      {
        "name": "flare_capa_nursery",
        "time": 0.0
      },
      {
        "name": "flare_capa_persistence",
        "time": 0.0
      },
      {
        "name": "flare_capa_runtime",
        "time": 0.0
      },
      {
        "name": "flare_capa_targeting",
        "time": 0.0
      },
      {
        "name": "threatfox",
        "time": 0.0
      },
      {
        "name": "log4shell",
        "time": 0.0
      },
      {
        "name": "mimics_extension",
        "time": 0.0
      },
      {
        "name": "network_country_distribution",
        "time": 0.0
      },
      {
        "name": "network_cnc_http",
        "time": 0.014
      },
      {
        "name": "network_ip_exe",
        "time": 0.0
      },
      {
        "name": "network_dga",
        "time": 0.0
      },
      {
        "name": "network_dga_fraunhofer",
        "time": 0.0
      },
      {
        "name": "network_dyndns",
        "time": 0.0
      },
      {
        "name": "network_excessive_udp",
        "time": 0.0
      },
      {
        "name": "network_http",
        "time": 0.005
      },
      {
        "name": "network_icmp",
        "time": 0.0
      },
      {
        "name": "network_irc",
        "time": 0.0
      },
      {
        "name": "network_open_proxy",
        "time": 0.0
      },
      {
        "name": "network_questionable_http_path",
        "time": 0.0
      },
      {
        "name": "network_questionable_https_path",
        "time": 0.0
      },
      {
        "name": "network_smtp",
        "time": 0.0
      },
      {
        "name": "network_torgateway",
        "time": 0.0
      },
      {
        "name": "origin_langid",
        "time": 0.0
      },
      {
        "name": "origin_resource_langid",
        "time": 0.0
      },
      {
        "name": "overlay",
        "time": 0.0
      },
      {
        "name": "packer_unknown_pe_section_name",
        "time": 0.0
      },
      {
        "name": "packer_aspack",
        "time": 0.0
      },
      {
        "name": "packer_aspirecrypt",
        "time": 0.0
      },
      {
        "name": "packer_bedsprotector",
        "time": 0.0
      },
      {
        "name": "packer_confuser",
        "time": 0.0
      },
      {
        "name": "packer_enigma",
        "time": 0.0
      },
      {
        "name": "packer_entropy",
        "time": 0.0
      },
      {
        "name": "packer_mpress",
        "time": 0.0
      },
      {
        "name": "packer_nate",
        "time": 0.0
      },
      {
        "name": "packer_nspack",
        "time": 0.0
      },
      {
        "name": "packer_smartassembly",
        "time": 0.0
      },
      {
        "name": "packer_spices",
        "time": 0.0
      },
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "packer_titan",
        "time": 0.0
      },
      {
        "name": "packer_upx",
        "time": 0.0
      },
      {
        "name": "packer_vmprotect",
        "time": 0.0
      },
      {
        "name": "packer_yoda",
        "time": 0.0
      },
      {
        "name": "pdf_annot_urls_checker",
        "time": 0.0
      },
      {
        "name": "polymorphic",
        "time": 0.0
      },
      {
        "name": "punch_plus_plus_pcres",
        "time": 0.0
      },
      {
        "name": "procmem_yara",
        "time": 0.0
      },
      {
        "name": "recon_checkip",
        "time": 0.0
      },
      {
        "name": "static_authenticode",
        "time": 0.0
      },
      {
        "name": "invalid_authenticode_signature",
        "time": 0.0
      },
      {
        "name": "static_dotnet_anomaly",
        "time": 0.0
      },
      {
        "name": "static_java",
        "time": 0.0
      },
      {
        "name": "static_pdf",
        "time": 0.0
      },
      {
        "name": "contains_pe_overlay",
        "time": 0.0
      },
      {
        "name": "static_pe_anomaly",
        "time": 0.0
      },
      {
        "name": "pe_compile_timestomping",
        "time": 0.0
      },
      {
        "name": "static_pe_pdbpath",
        "time": 0.0
      },
      {
        "name": "static_rat_config",
        "time": 0.0
      },
      {
        "name": "static_versioninfo_anomaly",
        "time": 0.0
      },
      {
        "name": "suricata_alert",
        "time": 0.0
      },
      {
        "name": "suspicious_html_body",
        "time": 0.0
      },
      {
        "name": "suspicious_html_name",
        "time": 0.0
      },
      {
        "name": "suspicious_html_title",
        "time": 0.0
      },
      {
        "name": "volatility_devicetree_1",
        "time": 0.0
      },
      {
        "name": "volatility_handles_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_2",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_1",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_2",
        "time": 0.0
      },
      {
        "name": "volatility_modscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_2",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_3",
        "time": 0.0
      },
      {
        "name": "whois_create",
        "time": 0.0
      },
      {
        "name": "accesses_mailslot",
        "time": 0.0
      },
      {
        "name": "accesses_netlogon_regkey",
        "time": 0.0
      },
      {
        "name": "accesses_public_folder",
        "time": 0.0
      },
      {
        "name": "accesses_sysvol",
        "time": 0.0
      },
      {
        "name": "writes_sysvol",
        "time": 0.0
      },
      {
        "name": "adds_admin_user",
        "time": 0.0
      },
      {
        "name": "adds_user",
        "time": 0.0
      },
      {
        "name": "overwrites_admin_password",
        "time": 0.0
      },
      {
        "name": "antianalysis_detectfile",
        "time": 0.002
      },
      {
        "name": "antianalysis_detectreg",
        "time": 0.001
      },
      {
        "name": "modify_attachment_manager",
        "time": 0.0
      },
      {
        "name": "antiav_detectfile",
        "time": 0.004
      },
      {
        "name": "antiav_detectreg",
        "time": 0.005
      },
      {
        "name": "antiav_srp",
        "time": 0.0
      },
      {
        "name": "antiav_whitespace",
        "time": 0.0
      },
      {
        "name": "antidebug_devices",
        "time": 0.001
      },
      {
        "name": "antiemu_windefend",
        "time": 0.0
      },
      {
        "name": "antiemu_wine_reg",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoo_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_fortinet_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_joe_anubis_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_mutex",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_threattrack_files",
        "time": 0.0
      },
      {
        "name": "antivm_bochs_keys",
        "time": 0.0
      },
      {
        "name": "antivm_generic_bios",
        "time": 0.0
      },
      {
        "name": "antivm_generic_diskreg",
        "time": 0.0
      },
      {
        "name": "antivm_hyperv_keys",
        "time": 0.0
      },
      {
        "name": "antivm_parallels_keys",
        "time": 0.0
      },
      {
        "name": "antivm_recentdocs",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_devices",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_files",
        "time": 0.002
      },
      {
        "name": "antivm_vbox_keys",
        "time": 0.001
      },
      {
        "name": "antivm_vmware_devices",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_files",
        "time": 0.001
      },
      {
        "name": "antivm_vmware_keys",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_mutexes",
        "time": 0.0
      },
      {
        "name": "antivm_vpc_files",
        "time": 0.0
      },
      {
        "name": "antivm_vpc_keys",
        "time": 0.0
      },
      {
        "name": "antivm_vpc_mutex",
        "time": 0.0
      },
      {
        "name": "antivm_xen_keys",
        "time": 0.0
      },
      {
        "name": "asyncrat_mutex",
        "time": 0.0
      },
      {
        "name": "gulpix_behavior",
        "time": 0.0
      },
      {
        "name": "ketrican_regkeys",
        "time": 0.0
      },
      {
        "name": "okrum_mutexes",
        "time": 0.0
      },
      {
        "name": "banker_cridex",
        "time": 0.0
      },
      {
        "name": "geodo_banking_trojan",
        "time": 0.001
      },
      {
        "name": "banker_spyeye_mutexes",
        "time": 0.0
      },
      {
        "name": "banker_zeus_mutex",
        "time": 0.0
      },
      {
        "name": "bitcoin_opencl",
        "time": 0.0
      },
      {
        "name": "enumerates_physical_drives",
        "time": 0.0
      },
      {
        "name": "bot_russkill",
        "time": 0.0
      },
      {
        "name": "browser_addon",
        "time": 0.0
      },
      {
        "name": "chromium_browser_extension_directory",
        "time": 0.0
      },
      {
        "name": "browser_helper_object",
        "time": 0.0
      },
      {
        "name": "browser_security",
        "time": 0.001
      },
      {
        "name": "browser_startpage",
        "time": 0.0
      },
      {
        "name": "ie_disables_process_tab",
        "time": 0.0
      },
      {
        "name": "odbcconf_bypass",
        "time": 0.0
      },
      {
        "name": "squiblydoo_bypass",
        "time": 0.0
      },
      {
        "name": "squiblytwo_bypass",
        "time": 0.0
      },
      {
        "name": "bypass_chromium_protection",
        "time": 0.0
      },
      {
        "name": "bypass_firewall",
        "time": 0.0
      },
      {
        "name": "checks_uac_status",
        "time": 0.0
      },
      {
        "name": "uac_bypass_cmstpcom",
        "time": 0.0
      },
      {
        "name": "uac_bypass_delegateexecute_sdclt",
        "time": 0.0
      },
      {
        "name": "uac_bypass_fodhelper",
        "time": 0.0
      },
      {
        "name": "cape_extracted_content",
        "time": 0.0
      },
      {
        "name": "carberp_mutex",
        "time": 0.0
      },
      {
        "name": "clears_logs",
        "time": 0.0
      },
      {
        "name": "cmdline_obfuscation",
        "time": 0.0
      },
      {
        "name": "cmdline_switches",
        "time": 0.0
      },
      {
        "name": "cmdline_terminate",
        "time": 0.0
      },
      {
        "name": "cmdline_forfiles_wildcard",
        "time": 0.0
      },
      {
        "name": "cmdline_http_link",
        "time": 0.0
      },
      {
        "name": "cmdline_long_string",
        "time": 0.0
      },
      {
        "name": "cmdline_reversed_http_link",
        "time": 0.0
      },
      {
        "name": "long_commandline",
        "time": 0.0
      },
      {
        "name": "powershell_renamed_commandline",
        "time": 0.0
      },
      {
        "name": "copies_self",
        "time": 0.0
      },
      {
        "name": "credwiz_credentialaccess",
        "time": 0.0
      },
      {
        "name": "enables_wdigest",
        "time": 0.0
      },
      {
        "name": "vaultcmd_credentialaccess",
        "time": 0.0
      },
      {
        "name": "file_credential_store_access",
        "time": 0.0
      },
      {
        "name": "file_credential_store_write",
        "time": 0.0
      },
      {
        "name": "kerberos_credential_access_via_rubeus",
        "time": 0.0
      },
      {
        "name": "registry_credential_dumping",
        "time": 0.0
      },
      {
        "name": "registry_credential_store_access",
        "time": 0.0
      },
      {
        "name": "registry_lsa_secrets_access",
        "time": 0.0
      },
      {
        "name": "comsvcs_credentialdump",
        "time": 0.0
      },
      {
        "name": "cryptomining_stratum_command",
        "time": 0.0
      },
      {
        "name": "cypherit_mutexes",
        "time": 0.0
      },
      {
        "name": "darkcomet_regkeys",
        "time": 0.0
      },
      {
        "name": "datop_loader",
        "time": 0.0
      },
      {
        "name": "deepfreeze_mutex",
        "time": 0.0
      },
      {
        "name": "deletes_executed_files",
        "time": 0.0
      },
      {
        "name": "disables_app_launch",
        "time": 0.0
      },
      {
        "name": "disables_auto_app_termination",
        "time": 0.0
      },
      {
        "name": "disables_appv_virtualization",
        "time": 0.0
      },
      {
        "name": "disables_backups",
        "time": 0.001
      },
      {
        "name": "disables_browser_warn",
        "time": 0.001
      },
      {
        "name": "disables_context_menus",
        "time": 0.0
      },
      {
        "name": "disables_cpl_disable",
        "time": 0.0
      },
      {
        "name": "disables_crashdumps",
        "time": 0.0
      },
      {
        "name": "disables_event_logging",
        "time": 0.0
      },
      {
        "name": "disables_folder_options",
        "time": 0.0
      },
      {
        "name": "disables_notificationcenter",
        "time": 0.0
      },
      {
        "name": "disables_power_options",
        "time": 0.001
      },
      {
        "name": "disables_restore_default_state",
        "time": 0.0
      },
      {
        "name": "disables_run_command",
        "time": 0.0
      },
      {
        "name": "disables_smartscreen",
        "time": 0.0
      },
      {
        "name": "disables_startmenu_search",
        "time": 0.0
      },
      {
        "name": "disables_system_restore",
        "time": 0.0
      },
      {
        "name": "disables_uac",
        "time": 0.0
      },
      {
        "name": "disables_wer",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender_logging",
        "time": 0.0
      },
      {
        "name": "removes_windows_defender_contextmenu",
        "time": 0.0
      },
      {
        "name": "removes_windows_defender_updates",
        "time": 0.0
      },
      {
        "name": "windows_defender_powershell",
        "time": 0.0
      },
      {
        "name": "disables_windows_file_protection",
        "time": 0.0
      },
      {
        "name": "disables_windowsupdate",
        "time": 0.0
      },
      {
        "name": "disables_winfirewall",
        "time": 0.0
      },
      {
        "name": "discover_registry_mount_points",
        "time": 0.0
      },
      {
        "name": "adfind_domain_enumeration",
        "time": 0.0
      },
      {
        "name": "domain_enumeration_commands",
        "time": 0.0
      },
      {
        "name": "andromut_mutexes",
        "time": 0.0
      },
      {
        "name": "downloader_cabby",
        "time": 0.0
      },
      {
        "name": "phorpiex_mutexes",
        "time": 0.0
      },
      {
        "name": "protonbot_mutexes",
        "time": 0.0
      },
      {
        "name": "driver_filtermanager",
        "time": 0.0
      },
      {
        "name": "dropper",
        "time": 0.0
      },
      {
        "name": "dll_archive_execution",
        "time": 0.0
      },
      {
        "name": "lnk_archive_execution",
        "time": 0.0
      },
      {
        "name": "script_archive_execution",
        "time": 0.0
      },
      {
        "name": "excel4_macro_urls",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_ntlm_relay",
        "time": 0.0
      },
      {
        "name": "spooler_access",
        "time": 0.0
      },
      {
        "name": "spooler_svc_start",
        "time": 0.0
      },
      {
        "name": "mapped_drives_uac",
        "time": 0.0
      },
      {
        "name": "hides_recycle_bin_icon",
        "time": 0.0
      },
      {
        "name": "apocalypse_stealer_file_behavior",
        "time": 0.0
      },
      {
        "name": "arkei_files",
        "time": 0.0
      },
      {
        "name": "azorult_mutexes",
        "time": 0.001
      },
      {
        "name": "infostealer_bitcoin",
        "time": 0.002
      },
      {
        "name": "cryptbot_files",
        "time": 0.0
      },
      {
        "name": "echelon_files",
        "time": 0.001
      },
      {
        "name": "infostealer_ftp",
        "time": 0.003
      },
      {
        "name": "infostealer_im",
        "time": 0.002
      },
      {
        "name": "infostealer_mail",
        "time": 0.002
      },
      {
        "name": "masslogger_files",
        "time": 0.0
      },
      {
        "name": "poullight_files",
        "time": 0.001
      },
      {
        "name": "purplewave_mutexes",
        "time": 0.0
      },
      {
        "name": "quilclipper_mutexes",
        "time": 0.0
      },
      {
        "name": "qulab_files",
        "time": 0.001
      },
      {
        "name": "qulab_mutexes",
        "time": 0.0
      },
      {
        "name": "asyncrat_mutex",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_ASPNet_Compiler",
        "time": 0.0
      },
      {
        "name": "Evade_Execute_Via_DeviceCredentialDeployment",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Filter_Manager_Control",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Intel_GFXDownloadWrapper",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_appvlp",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_OpenSSH",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_PesterPSModule",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_ScriptRunner",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_ttdinject",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_VisualStudioLiveShare",
        "time": 0.0
      },
      {
        "name": "Execute_Msiexec_Via_Explorer",
        "time": 0.0
      },
      {
        "name": "execute_remote_msi",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_runscripthelper",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_sqlps",
        "time": 0.0
      },
      {
        "name": "Indirect_Command_Execution_Via_ConsoleWindowHost",
        "time": 0.0
      },
      {
        "name": "Perform_Malicious_Activities_Via_Headless_Browser",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_CertOC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_MSIEXEC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_Odbcconf",
        "time": 0.0
      },
      {
        "name": "Scriptlet_Proxy_Execution_Via_Pubprn",
        "time": 0.0
      },
      {
        "name": "ie_martian_children",
        "time": 0.0
      },
      {
        "name": "office_martian_children",
        "time": 0.0
      },
      {
        "name": "mimics_icon",
        "time": 0.0
      },
      {
        "name": "masquerade_process_name",
        "time": 0.002
      },
      {
        "name": "mimikatz_modules",
        "time": 0.0
      },
      {
        "name": "ms_office_cmd_rce",
        "time": 0.0
      },
      {
        "name": "mount_copy_to_webdav_share",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_legit_utilities",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_qemu",
        "time": 0.0
      },
      {
        "name": "suspicious_execution_via_dotnet_remoting",
        "time": 0.0
      },
      {
        "name": "modify_certs",
        "time": 0.0
      },
      {
        "name": "dotnet_clr_usagelog_regkeys",
        "time": 0.0
      },
      {
        "name": "modify_hostfile",
        "time": 0.0
      },
      {
        "name": "modify_oem_information",
        "time": 0.0
      },
      {
        "name": "modify_security_center_warnings",
        "time": 0.0
      },
      {
        "name": "modify_uac_prompt",
        "time": 0.0
      },
      {
        "name": "network_dns_blockchain",
        "time": 0.0
      },
      {
        "name": "network_dns_opennic",
        "time": 0.0
      },
      {
        "name": "network_dns_paste_site",
        "time": 0.0
      },
      {
        "name": "network_dns_reverse_proxy",
        "time": 0.0
      },
      {
        "name": "network_dns_temp_file_storage",
        "time": 0.0
      },
      {
        "name": "network_dns_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_dns_url_shortener",
        "time": 0.0
      },
      {
        "name": "network_dns_doh_tls",
        "time": 0.0
      },
      {
        "name": "suspicious_tld",
        "time": 0.0
      },
      {
        "name": "network_tor_service",
        "time": 0.0
      },
      {
        "name": "office_code_page",
        "time": 0.0
      },
      {
        "name": "office_addinloading",
        "time": 0.0
      },
      {
        "name": "office_perfkey",
        "time": 0.0
      },
      {
        "name": "office_macro",
        "time": 0.0
      },
      {
        "name": "changes_trust_center_settings",
        "time": 0.0
      },
      {
        "name": "disables_vba_trust_access",
        "time": 0.0
      },
      {
        "name": "office_macro_autoexecution",
        "time": 0.0
      },
      {
        "name": "office_macro_ioc",
        "time": 0.0
      },
      {
        "name": "office_macro_malicious_prediction",
        "time": 0.0
      },
      {
        "name": "office_macro_suspicious",
        "time": 0.0
      },
      {
        "name": "rtf_aslr_bypass",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_characterset",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_version",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_content",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_office_file",
        "time": 0.0
      },
      {
        "name": "rtf_exploit_static",
        "time": 0.0
      },
      {
        "name": "office_security",
        "time": 0.0
      },
      {
        "name": "accesses_office_username",
        "time": 0.0
      },
      {
        "name": "office_anomalous_feature",
        "time": 0.0
      },
      {
        "name": "office_dde_command",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_mutex",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_regkey",
        "time": 0.0
      },
      {
        "name": "persistence_ads",
        "time": 0.0
      },
      {
        "name": "persistence_safeboot",
        "time": 0.0
      },
      {
        "name": "persistence_ifeo",
        "time": 0.0
      },
      {
        "name": "persistence_silent_process_exit",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_registry",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_shadowing",
        "time": 0.0
      },
      {
        "name": "persistence_service",
        "time": 0.0
      },
      {
        "name": "persistence_shim_database",
        "time": 0.0
      },
      {
        "name": "powerpool_mutexes",
        "time": 0.0
      },
      {
        "name": "powershell_scriptblock_logging",
        "time": 0.0
      },
      {
        "name": "powershell_command_suspicious",
        "time": 0.0
      },
      {
        "name": "powershell_history_save_mod",
        "time": 0.0
      },
      {
        "name": "powershell_renamed",
        "time": 0.0
      },
      {
        "name": "powershell_reversed",
        "time": 0.0
      },
      {
        "name": "powershell_variable_obfuscation",
        "time": 0.0
      },
      {
        "name": "prevents_safeboot",
        "time": 0.0
      },
      {
        "name": "cmdline_process_discovery",
        "time": 0.0
      },
      {
        "name": "cryptomix_mutexes",
        "time": 0.0
      },
      {
        "name": "dharma_mutexes",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_generic",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_known",
        "time": 0.004
      },
      {
        "name": "ransomware_files",
        "time": 0.006
      },
      {
        "name": "fonix_mutexes",
        "time": 0.0
      },
      {
        "name": "gandcrab_mutexes",
        "time": 0.0
      },
      {
        "name": "germanwiper_mutexes",
        "time": 0.0
      },
      {
        "name": "medusalocker_mutexes",
        "time": 0.0
      },
      {
        "name": "medusalocker_regkeys",
        "time": 0.0
      },
      {
        "name": "nemty_mutexes",
        "time": 0.0
      },
      {
        "name": "nemty_regkeys",
        "time": 0.0
      },
      {
        "name": "pysa_mutexes",
        "time": 0.0
      },
      {
        "name": "ransomware_radamant",
        "time": 0.0
      },
      {
        "name": "ransomware_recyclebin",
        "time": 0.0
      },
      {
        "name": "revil_mutexes",
        "time": 0.001
      },
      {
        "name": "ransomware_revil_regkey",
        "time": 0.0
      },
      {
        "name": "satan_mutexes",
        "time": 0.0
      },
      {
        "name": "snake_ransom_mutexes",
        "time": 0.0
      },
      {
        "name": "stop_ransom_mutexes",
        "time": 0.0
      },
      {
        "name": "stop_ransomware_cmd",
        "time": 0.0
      },
      {
        "name": "ransomware_stopdjvu",
        "time": 0.0
      },
      {
        "name": "rat_beebus_mutexes",
        "time": 0.0
      },
      {
        "name": "blacknet_mutexes",
        "time": 0.0
      },
      {
        "name": "blackrat_mutexes",
        "time": 0.0
      },
      {
        "name": "crat_mutexes",
        "time": 0.0
      },
      {
        "name": "dcrat_files",
        "time": 0.0
      },
      {
        "name": "dcrat_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_fynloski_mutexes",
        "time": 0.0
      },
      {
        "name": "limerat_mutexes",
        "time": 0.0
      },
      {
        "name": "limerat_regkeys",
        "time": 0.0
      },
      {
        "name": "lodarat_file_behavior",
        "time": 0.0
      },
      {
        "name": "modirat_behavior",
        "time": 0.0
      },
      {
        "name": "njrat_regkeys",
        "time": 0.0
      },
      {
        "name": "obliquerat_files",
        "time": 0.0
      },
      {
        "name": "obliquerat_mutexes",
        "time": 0.0
      },
      {
        "name": "parallax_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_pcclient",
        "time": 0.0
      },
      {
        "name": "rat_plugx_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_poisonivy_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_quasar_mutexes",
        "time": 0.0
      },
      {
        "name": "ratsnif_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_spynet",
        "time": 0.0
      },
      {
        "name": "venomrat_mutexes",
        "time": 0.0
      },
      {
        "name": "warzonerat_files",
        "time": 0.0
      },
      {
        "name": "warzonerat_regkeys",
        "time": 0.0
      },
      {
        "name": "xpertrat_files",
        "time": 0.0
      },
      {
        "name": "xpertrat_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_xtreme_mutexes",
        "time": 0.0
      },
      {
        "name": "reads_password_database",
        "time": 0.0
      },
      {
        "name": "recon_fingerprint",
        "time": 0.0
      },
      {
        "name": "remcos_files",
        "time": 0.0
      },
      {
        "name": "remcos_mutexes",
        "time": 0.0
      },
      {
        "name": "remcos_regkeys",
        "time": 0.0
      },
      {
        "name": "rdptcp_key",
        "time": 0.0
      },
      {
        "name": "uses_rdp_clip",
        "time": 0.0
      },
      {
        "name": "uses_remote_desktop_session",
        "time": 0.0
      },
      {
        "name": "removes_networking_icon",
        "time": 0.0
      },
      {
        "name": "removes_pinned_programs",
        "time": 0.0
      },
      {
        "name": "removes_security_maintenance_icon",
        "time": 0.0
      },
      {
        "name": "removes_startmenu_defaults",
        "time": 0.0
      },
      {
        "name": "removes_username_startmenu",
        "time": 0.0
      },
      {
        "name": "spicyhotpot_behavior",
        "time": 0.0
      },
      {
        "name": "sniffer_winpcap",
        "time": 0.0
      },
      {
        "name": "spreading_autoruninf",
        "time": 0.0
      },
      {
        "name": "stealth_hidden_extension",
        "time": 0.0
      },
      {
        "name": "stealth_hiddenreg",
        "time": 0.0
      },
      {
        "name": "stealth_hide_notifications",
        "time": 0.0
      },
      {
        "name": "stealth_webhistory",
        "time": 0.0
      },
      {
        "name": "sysinternals_psexec",
        "time": 0.0
      },
      {
        "name": "sysinternals_tools",
        "time": 0.0
      },
      {
        "name": "language_check_registry",
        "time": 0.0
      },
      {
        "name": "tampers_etw",
        "time": 0.0
      },
      {
        "name": "lsa_tampering",
        "time": 0.0
      },
      {
        "name": "tampers_powershell_logging",
        "time": 0.0
      },
      {
        "name": "targeted_flame",
        "time": 0.0
      },
      {
        "name": "territorial_disputes_sigs",
        "time": 0.002
      },
      {
        "name": "trickbot_mutex",
        "time": 0.0
      },
      {
        "name": "fleercivet_mutex",
        "time": 0.0
      },
      {
        "name": "lokibot_mutexes",
        "time": 0.0
      },
      {
        "name": "ursnif_behavior",
        "time": 0.001
      },
      {
        "name": "uses_adfind",
        "time": 0.0
      },
      {
        "name": "uses_ms_protocol",
        "time": 0.0
      },
      {
        "name": "neshta_mutexes",
        "time": 0.0
      },
      {
        "name": "renamer_mutexes",
        "time": 0.0
      },
      {
        "name": "owa_web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_processes",
        "time": 0.0
      },
      {
        "name": "dotnet_csc_build",
        "time": 0.0
      },
      {
        "name": "mavinject_lolbin",
        "time": 0.0
      },
      {
        "name": "multiple_explorer_instances",
        "time": 0.0
      },
      {
        "name": "script_tool_executed",
        "time": 0.0
      },
      {
        "name": "suspicious_certutil_use",
        "time": 0.0
      },
      {
        "name": "suspicious_command_tools",
        "time": 0.0
      },
      {
        "name": "suspicious_mpcmdrun_use",
        "time": 0.0
      },
      {
        "name": "suspicious_ping_use",
        "time": 0.0
      },
      {
        "name": "uses_powershell_copyitem",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_appcmd",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_csvde_ldifde",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_cipher",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_clickonce",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_curl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_dsquery",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_esentutl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_finger",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_mode",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_ntdsutil",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_nltest",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_setx",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_xcopy",
        "time": 0.0
      },
      {
        "name": "wmic_command_suspicious",
        "time": 0.0
      },
      {
        "name": "scrcons_wmi_script_consumer",
        "time": 0.0
      },
      {
        "name": "allaple_mutexes",
        "time": 0.0
      }
    ],
    "reporting": [
      {
        "name": "BinGraph",
        "time": 0.0
      }
    ]
  },
  "target": {
    "category": "file",
    "file": {
      "name": "sample.dll",
      "path": "/opt/CAPEv2/storage/binaries/eb90ab3c6321cbe8ec6763de4b880277b4120b739c8b88ebedea51cd0e097107",
      "guest_paths": "",
      "size": 159744,
      "crc32": "9C465382",
      "md5": "0cf6e4d3833971977e610b59cb402522",
      "sha1": "c226aa908267a64298beebc49f3ad03b18faf91b",
      "sha256": "eb90ab3c6321cbe8ec6763de4b880277b4120b739c8b88ebedea51cd0e097107",
      "sha512": "d01daeba5dedc658e2159d33ef882baf8e10724d25e2235dca038fc7927d2c15ff3005e94f2f231550a83717e1ac64f4f70d7ba059739110a4a6e66e412effb1",
      "rh_hash": null,
      "ssdeep": "3072:li407ABdQi4hmUQmlOEz82seijlz9w/OFHPbICBXEEOwa/:wpiw8T5JFjrE3wa/",
      "type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
      "yara": [
        {
          "name": "INDICATOR_EXE_Packed_ASPack",
          "meta": {
            "description": "Detects executables packed with ASPack",
            "author": "ditekSHen"
          },
          "strings": [
            "{ 00 00 C0 2E 61 73 70 61 63 6B 00 00 }"
          ],
          "addresses": {
            "s1": 861
          }
        },
        {
          "name": "suspicious_packer_section",
          "meta": {
            "author": "@j0sm1",
            "date": "2016/10/21",
            "description": "The packer/protector section names/keywords",
            "reference": "http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/",
            "filetype": "binary"
          },
          "strings": [
            ".aspack",
            ".adata"
          ],
          "addresses": {
            "s1": 864,
            "s2": 904
          }
        },
        {
          "name": "ASPackv212AlexeySolodovnikov",
          "meta": {
            "author": "malware-lu"
          },
          "strings": [
            "{ 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 }",
            "{ 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB }"
          ],
          "addresses": {
            "a0": 154113,
            "a1": 154113
          }
        },
        {
          "name": "ASProtectV2XDLLAlexeySolodovnikov",
          "meta": {
            "author": "malware-lu"
          },
          "strings": [
            "{ 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD }"
          ],
          "addresses": {
            "a0": 154113
          }
        },
        {
          "name": "IsPE32",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsDLL",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsWindowsGUI",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsPacked",
          "meta": {
            "description": "Entropy Check"
          },
          "strings": [],
          "addresses": {}
        },
        {
          "name": "ASPack_v212_additional",
          "meta": {},
          "strings": [
            "{ 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 }"
          ],
          "addresses": {
            "a": 154113
          }
        },
        {
          "name": "ASPack_v21_additional",
          "meta": {},
          "strings": [
            "{ 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB }"
          ],
          "addresses": {
            "a": 154113
          }
        },
        {
          "name": "ASProtect_V2X_DLL_Alexey_Solodovnikov",
          "meta": {},
          "strings": [
            "{ 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD }"
          ],
          "addresses": {
            "a": 154113
          }
        },
        {
          "name": "ASPack_v212",
          "meta": {},
          "strings": [
            "{ 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 }",
            "{ 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 }"
          ],
          "addresses": {
            "a": 154113,
            "b": 154113
          }
        },
        {
          "name": "yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h",
          "meta": {},
          "strings": [
            "`"
          ],
          "addresses": {
            "a": 157306
          }
        },
        {
          "name": "ASPack_v211d",
          "meta": {},
          "strings": [
            "{ 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 }"
          ],
          "addresses": {
            "a": 154113
          }
        },
        {
          "name": "ASProtect_V2X_DLL_Alexey_Solodovnikov_additional",
          "meta": {},
          "strings": [
            "{ 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD }"
          ],
          "addresses": {
            "a": 154113
          }
        },
        {
          "name": "ASPack_212withouth_Poly_Solodovnikov_Alexey",
          "meta": {},
          "strings": [
            "{ 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 }"
          ],
          "addresses": {
            "a": 154113
          }
        },
        {
          "name": "ASPack_v212_Alexey_Solodovnikov",
          "meta": {},
          "strings": [
            "{ 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 }"
          ],
          "addresses": {
            "a": 154113
          }
        }
      ],
      "cape_yara": [],
      "clamav": [],
      "tlsh": "T10DF3F0BBFCCD50A7D1CDE17B2476A90285EE0A1005BFD1AED0E9851A7CDA4E4272C71B",
      "sha3_384": "b4d373c5b16fc506f1e1f1a42e5252fccb87a2f00462d39a87b85161db76de3e4e16f53297b28e3c494c9c8879ec747b",
      "yara_hash": "3b285f9d3c197e5b63f2245e549b04ead2ddc38f69551ea601ce08d250fcd6a2",
      "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "pe": {
        "guest_signers": {
          "aux_sha1": null,
          "aux_timestamp": null,
          "aux_valid": false,
          "aux_error": true,
          "aux_error_desc": "CryptCATAdminCalcHashFromFileHandle returned error: 0x800700C1 aa\u0001 Win32. SignTool Error: No signature found.",
          "aux_signers": []
        },
        "digital_signers": [],
        "imagebase": "0x59800000",
        "entrypoint": "0x0005a001",
        "ep_bytes": "60e803000000e9eb045d4555c3e80100",
        "peid_signatures": null,
        "reported_checksum": "0x0005ee73",
        "actual_checksum": "0x0002ac42",
        "osversion": "5.0",
        "machine_type": "IMAGE_FILE_MACHINE_I386",
        "pdbpath": null,
        "imports": {
          "kernel32": {
            "dll": "kernel32.dll",
            "imports": [
              {
                "address": "0x5985af5c",
                "name": "GetProcAddress"
              },
              {
                "address": "0x5985af60",
                "name": "GetModuleHandleA"
              },
              {
                "address": "0x5985af64",
                "name": "LoadLibraryA"
              }
            ]
          },
          "rtl120": {
            "dll": "rtl120.bpl",
            "imports": [
              {
                "address": "0x5985b25b",
                "name": "@System@initialization$qqrv"
              },
              {
                "address": "0x5985b2c3",
                "name": "@Sysconst@_SModuleAccessViolation"
              },
              {
                "address": "0x5985b2db",
                "name": "@Typinfo@initialization$qqrv"
              },
              {
                "address": "0x5985b2e3",
                "name": "@Sysutils@initialization$qqrv"
              },
              {
                "address": "0x5985b2eb",
                "name": "@Variants@initialization$qqrv"
              },
              {
                "address": "0x5985b2f3",
                "name": "@Varutils@initialization$qqrv"
              }
            ]
          },
          "user32": {
            "dll": "user32.dll",
            "imports": [
              {
                "address": "0x5985b263",
                "name": "CreateWindowExA"
              }
            ]
          },
          "gdi32": {
            "dll": "gdi32.dll",
            "imports": [
              {
                "address": "0x5985b26b",
                "name": "TextOutA"
              }
            ]
          },
          "advapi32": {
            "dll": "advapi32.dll",
            "imports": [
              {
                "address": "0x5985b273",
                "name": "SetSecurityDescriptorDacl"
              }
            ]
          },
          "madbasic_": {
            "dll": "madbasic_.bpl",
            "imports": [
              {
                "address": "0x5985b27b",
                "name": "@Madtypes@MadException@$bctr$qqrx20System@UnicodeString"
              },
              {
                "address": "0x5985b283",
                "name": "@Madstrings@initialization$qqrv"
              },
              {
                "address": "0x5985b293",
                "name": "@Madtools@initialization$qqrv"
              }
            ]
          },
          "maddisasm_": {
            "dll": "maddisasm_.bpl",
            "imports": [
              {
                "address": "0x5985b28b",
                "name": "@Maddisasm@initialization$qqrv"
              }
            ]
          },
          "comctl32": {
            "dll": "comctl32.dll",
            "imports": [
              {
                "address": "0x5985b2ab",
                "name": "ImageList_Destroy"
              }
            ]
          },
          "comdlg32": {
            "dll": "comdlg32.dll",
            "imports": [
              {
                "address": "0x5985b2b3",
                "name": "PrintDlgW"
              }
            ]
          },
          "shell32": {
            "dll": "shell32.dll",
            "imports": [
              {
                "address": "0x5985b2bb",
                "name": "ShellExecuteExA"
              },
              {
                "address": "0x5985b2d3",
                "name": "SHGetPathFromIDListA"
              }
            ]
          },
          "wsock32": {
            "dll": "wsock32.dll",
            "imports": [
              {
                "address": "0x5985b2cb",
                "name": "WSACleanup"
              }
            ]
          }
        },
        "exported_dll_name": "madExcept_.bpl",
        "exports": [
          {
            "address": "0x59816910",
            "name": "@$xp$19Madexcept@IMEFields",
            "ordinal": 213
          },
          {
            "address": "0x598166fc",
            "name": "@$xp$19Madexcept@TMEButton",
            "ordinal": 219
          },
          {
            "address": "0x5981679c",
            "name": "@$xp$19Madexcept@TMEDupDef",
            "ordinal": 218
          },
          {
            "address": "0x59816c1c",
            "name": "@$xp$19Madexcept@TSyncType",
            "ordinal": 205
          },
          {
            "address": "0x59802448",
            "name": "@$xp$19Madmapfile@TMapFile",
            "ordinal": 18
          },
          {
            "address": "0x598022fc",
            "name": "@$xp$20Madmapfile@TMfPublic",
            "ordinal": 23
          },
          {
            "address": "0x59816868",
            "name": "@$xp$21Madexcept@IMESettings",
            "ordinal": 216
          },
          {
            "address": "0x59816944",
            "name": "@$xp$21Madexcept@TExceptType",
            "ordinal": 212
          },
          {
            "address": "0x598022dc",
            "name": "@$xp$21Madmapfile@TMfSegment",
            "ordinal": 24
          },
          {
            "address": "0x5980cf78",
            "name": "@$xp$21Madnvbitmap@INVBitmap",
            "ordinal": 45
          },
          {
            "address": "0x59816be4",
            "name": "@$xp$22Madexcept@IMEException",
            "ordinal": 208
          },
          {
            "address": "0x59816e14",
            "name": "@$xp$22Madexcept@Madexcept__1",
            "ordinal": 185
          },
          {
            "address": "0x59816e34",
            "name": "@$xp$22Madexcept@Madexcept__2",
            "ordinal": 184
          },
          {
            "address": "0x59816b00",
            "name": "@$xp$22Madexcept@TExceptPhase",
            "ordinal": 210
          },
          {
            "address": "0x5980fc28",
            "name": "@$xp$22Madnvassistant@INVEdit",
            "ordinal": 60
          },
          {
            "address": "0x5980fd88",
            "name": "@$xp$22Madnvassistant@INVForm",
            "ordinal": 55
          },
          {
            "address": "0x5980fb80",
            "name": "@$xp$22Madnvassistant@INVItem",
            "ordinal": 63
          },
          {
            "address": "0x5980cf18",
            "name": "@$xp$22Madnvbitmap@TPngFormat",
            "ordinal": 46
          },
          {
            "address": "0x59816cc4",
            "name": "@$xp$23Madexcept@TExceptAction",
            "ordinal": 203
          },
          {
            "address": "0x59816988",
            "name": "@$xp$23Madexcept@TExceptSource",
            "ordinal": 211
          },
          {
            "address": "0x5980231c",
            "name": "@$xp$23Madmapfile@_TMapFile@_1",
            "ordinal": 22
          },
          {
            "address": "0x5980234c",
            "name": "@$xp$23Madmapfile@_TMapFile@_2",
            "ordinal": 21
          },
          {
            "address": "0x5980237c",
            "name": "@$xp$23Madmapfile@_TMapFile@_3",
            "ordinal": 20
          },
          {
            "address": "0x5980fc9c",
            "name": "@$xp$23Madnvassistant@INVImage",
            "ordinal": 58
          },
          {
            "address": "0x5980fbf0",
            "name": "@$xp$23Madnvassistant@INVLabel",
            "ordinal": 61
          },
          {
            "address": "0x598168d8",
            "name": "@$xp$24Madexcept@IMEAttachments",
            "ordinal": 214
          },
          {
            "address": "0x59816c78",
            "name": "@$xp$24Madexcept@TExceptEventOO",
            "ordinal": 204
          },
          {
            "address": "0x59816804",
            "name": "@$xp$24Madexcept@TMEShowSetting",
            "ordinal": 217
          },
          {
            "address": "0x5980fbb8",
            "name": "@$xp$24Madnvassistant@INVButton",
            "ordinal": 62
          },
          {
            "address": "0x5980fd28",
            "name": "@$xp$24Madnvassistant@TNVAction",
            "ordinal": 56
          },
          {
            "address": "0x59808500",
            "name": "@$xp$24Madstacktrace@TStackItem",
            "ordinal": 40
          },
          {
            "address": "0x59808530",
            "name": "@$xp$25Madstacktrace@TStackTrace",
            "ordinal": 39
          },
          {
            "address": "0x5980fc60",
            "name": "@$xp$26Madnvassistant@INVCheckBox",
            "ordinal": 59
          },
          {
            "address": "0x5980fb3c",
            "name": "@$xp$26Madnvassistant@TOutputType",
            "ordinal": 64
          },
          {
            "address": "0x5981689c",
            "name": "@$xp$27Madexcept@IMEModuleSettings",
            "ordinal": 215
          },
          {
            "address": "0x5980fdc0",
            "name": "@$xp$27Madnvassistant@INVAssistant",
            "ordinal": 54
          },
          {
            "address": "0x598085fc",
            "name": "@$xp$28Madstacktrace@BcbTermination",
            "ordinal": 36
          },
          {
            "address": "0x5980fcd4",
            "name": "@$xp$29Madnvassistant@TNVModalResult",
            "ordinal": 57
          },
          {
            "address": "0x59807550",
            "name": "@$xp$29Madnvprgralert@IProgressAlert",
            "ordinal": 28
          },
          {
            "address": "0x59808560",
            "name": "@$xp$29Madstacktrace@TDAPreStackItem",
            "ordinal": 38
          },
          {
            "address": "0x59816b78",
            "name": "@$xp$30Madexcept@TBugReportCallbackOO",
            "ordinal": 209
          },
          {
            "address": "0x59816da8",
            "name": "@$xp$30Madexcept@TExceptActionEventOO",
            "ordinal": 202
          },
          {
            "address": "0x598435c0",
            "name": "@GetPackageInfoTable",
            "ordinal": 242
          },
          {
            "address": "0x598433d4",
            "name": "@Maddumpobj@DumpObj$qqrp14System@TObject",
            "ordinal": 235
          },
          {
            "address": "0x59843438",
            "name": "@Maddumpobj@Finalization$qqrv",
            "ordinal": 234
          },
          {
            "address": "0x5984423c",
            "name": "@Maddumpobj@initialization$qqrv",
            "ordinal": 233
          },
          {
            "address": "0x59845054",
            "name": "@Madexcept@AddCmdLineToBugRep",
            "ordinal": 200
          },
          {
            "address": "0x59845090",
            "name": "@Madexcept@AmHttpServer",
            "ordinal": 182
          },
          {
            "address": "0x598267e8",
            "name": "@Madexcept@AmOnline$qqro",
            "ordinal": 129
          },
          {
            "address": "0x5982ba7c",
            "name": "@Madexcept@AutoSaveBugReport$qqr27System@%AnsiStringT$us$i0$%49System@%DelphiInterface$t21Madexcept@IMESettings%",
            "ordinal": 121
          },
          {
            "address": "0x5982c850",
            "name": "@Madexcept@AutoSendBugReport$qqr27System@%AnsiStringT$us$i0$%49System@%DelphiInterface$t21Madnvbitmap@INVBitmap%49System@%DelphiInterface$t21Madexcept@IMESettings%",
            "ordinal": 119
          },
          {
            "address": "0x598450ec",
            "name": "@Madexcept@BcbCallTerminate",
            "ordinal": 159
          },
          {
            "address": "0x598450d8",
            "name": "@Madexcept@BcbExceptionHandler",
            "ordinal": 164
          },
          {
            "address": "0x59817ea8",
            "name": "@Madexcept@BcbHelper_GetIntraWebVersion$qqrpv",
            "ordinal": 151
          },
          {
            "address": "0x598450e0",
            "name": "@Madexcept@BcbInitExceptBlockLDTC",
            "ordinal": 162
          },
          {
            "address": "0x598450e8",
            "name": "@Madexcept@BcbMemcpy",
            "ordinal": 160
          },
          {
            "address": "0x598450e4",
            "name": "@Madexcept@BcbOrgMalloc",
            "ordinal": 161
          },
          {
            "address": "0x598450f0",
            "name": "@Madexcept@BcbPTerminate",
            "ordinal": 158
          },
          {
            "address": "0x598450dc",
            "name": "@Madexcept@BcbThrowExceptionLDTC",
            "ordinal": 163
          },
          {
            "address": "0x59845094",
            "name": "@Madexcept@BugReportHtml",
            "ordinal": 181
          },
          {
            "address": "0x598450bc",
            "name": "@Madexcept@CGIApp_TCGIApplication_CGIHandleException",
            "ordinal": 171
          },
          {
            "address": "0x59845044",
            "name": "@Madexcept@CMadExceptVersionString",
            "ordinal": 220
          },
          {
            "address": "0x59816e54",
            "name": "@Madexcept@CalibrateCode$qqrv",
            "ordinal": 157
          },
          {
            "address": "0x5984508c",
            "name": "@Madexcept@CalibrateData",
            "ordinal": 183
          },
          {
            "address": "0x5981a598",
            "name": "@Madexcept@CheckExceptParams$qqrrp14System@TObjectrpvt2rp8_CONTEXT",
            "ordinal": 144
          },
          {
            "address": "0x598450b8",
            "name": "@Madexcept@Classes_CheckSynchronize",
            "ordinal": 172
          },
          {
            "address": "0x5981f744",
            "name": "@Madexcept@CloseAntiFreeze$qqrv",
            "ordinal": 140
          },
          {
            "address": "0x5984505c",
            "name": "@Madexcept@CloseAppExitCode",
            "ordinal": 198
          },
          {
            "address": "0x5982ce44",
            "name": "@Madexcept@CloseApplication$qqrv",
            "ordinal": 116
          },
          {
            "address": "0x598351cc",
            "name": "@Madexcept@CreateBugReport$qqr21Madexcept@TExceptTypep14System@TObjectpvuiuiuip8_CONTEXTo55System@%DelphiInterface$t27Madexcept@IMEModuleSettings%23Madexcept@TExceptSourcet2uit3",
            "ordinal": 96
          },
          {
            "address": "0x5982a944",
            "name": "@Madexcept@DecryptPassword$qqr27System@%AnsiStringT$us$i0$%t1t1",
            "ordinal": 124
          },
          {
            "address": "0x59832e78",
            "name": "@Madexcept@DefaultBugReportHtml$qqr27System@%AnsiStringT$us$i0$%49System@%DelphiInterface$t21Madexcept@IMESettings%",
            "ordinal": 115
          },
          {
            "address": "0x59845058",
            "name": "@Madexcept@DetectConsole",
            "ordinal": 199
          },
          {
            "address": "0x59845098",
            "name": "@Madexcept@DisAsmFunc",
            "ordinal": 180
          },
          {
            "address": "0x5983e05c",
            "name": "@Madexcept@DontHookThreads$qqrv",
            "ordinal": 70
          },
          {
            "address": "0x59845080",
            "name": "@Madexcept@DontReformatExcMsg",
            "ordinal": 189
          },
          {
            "address": "0x5984506c",
            "name": "@Madexcept@DontUseProxy",
            "ordinal": 194
          },
          {
            "address": "0x59845064",
            "name": "@Madexcept@DumbStackTrace",
            "ordinal": 196
          },
          {
            "address": "0x5983bed0",
            "name": "@Madexcept@Ebp$qqrv",
            "ordinal": 72
          },
          {
            "address": "0x5983bec8",
            "name": "@Madexcept@Esp$qqrv",
            "ordinal": 73
          },
          {
            "address": "0x59818ff0",
            "name": "@Madexcept@ExpandVars$qqruir27System@%AnsiStringT$us$i0$%27System@%AnsiStringT$us$i0$%t3t3",
            "ordinal": 147
          },
          {
            "address": "0x598199b4",
            "name": "@Madexcept@FillClipboard$qqr27System@%AnsiStringT$us$i0$%",
            "ordinal": 145
          },
          {
            "address": "0x598406fc",
            "name": "@Madexcept@Finalization$qqrv",
            "ordinal": 66
          },
          {
            "address": "0x59845078",
            "name": "@Madexcept@ForceUtf8",
            "ordinal": 191
          },
          {
            "address": "0x59819908",
            "name": "@Madexcept@FormatExceptMessage$qqr27System@%AnsiStringT$us$i0$%",
            "ordinal": 146
          },
          {
            "address": "0x5984509c",
            "name": "@Madexcept@Forms_TApplication_HandleException",
            "ordinal": 179
          },
          {
            "address": "0x598450a0",
            "name": "@Madexcept@Forms_TApplication_ShowException",
            "ordinal": 178
          },
          {
            "address": "0x59835c3c",
            "name": "@Madexcept@Get9xResourceReport$qqrv",
            "ordinal": 86
          },
          {
            "address": "0x59835ed4",
            "name": "@Madexcept@GetAllocatedMemory$qqrv",
            "ordinal": 84
          },
          {
            "address": "0x598359c8",
            "name": "@Madexcept@GetCpuCount$qqrv",
            "ordinal": 88
          },
          {
            "address": "0x59835918",
            "name": "@Madexcept@GetCpuName$qqrv",
            "ordinal": 89
          },
          {
            "address": "0x59839334",
            "name": "@Madexcept@GetCrashStackTrace$qqrooop49System@%DynamicArray$t24Madstacktrace@TStackItem%57System@%DelphiInterface$t29Madnvprgralert@IProgressAlert%opuit7pop52System@%DynamicArray$t27System@%AnsiStringT$us$i0$%%",
            "ordinal": 78
          },
          {
            "address": "0x59835cf8",
            "name": "@Madexcept@GetDisplayModeString$qqrv",
            "ordinal": 85
          },
          {
            "address": "0x5983b920",
            "name": "@Madexcept@GetExceptBoxHandle$qqrv",
            "ordinal": 76
          },
          {
            "address": "0x59835abc",
            "name": "@Madexcept@GetMemoryStatus$qqrv",
            "ordinal": 87
          },
          {
            "address": "0x59835774",
            "name": "@Madexcept@GetOsLanguageString$qqrv",
            "ordinal": 92
          },
          {
            "address": "0x598356c4",
            "name": "@Madexcept@GetOsVersionString$qqrv",
            "ordinal": 93
          },
          {
            "address": "0x59835814",
            "name": "@Madexcept@GetProgramUpTime$qqrv",
            "ordinal": 90
          },
          {
            "address": "0x598357bc",
            "name": "@Madexcept@GetSystemUpTime$qqrv",
            "ordinal": 91
          },
          {
            "address": "0x59835344",
            "name": "@Madexcept@GetTSClientName$qqrv",
            "ordinal": 94
          },
          {
            "address": "0x598189b8",
            "name": "@Madexcept@GetThreadCreatorAddr$qqrui",
            "ordinal": 148
          },
          {
            "address": "0x5983921c",
            "name": "@Madexcept@GetThreadInfos$qqruiruit2t2t2riro",
            "ordinal": 79
          },
          {
            "address": "0x59816f58",
            "name": "@Madexcept@GetThreadList$qqrv",
            "ordinal": 156
          },
          {
            "address": "0x5981898c",
            "name": "@Madexcept@GetThreadName$qqrui",
            "ordinal": 149
          },
          {
            "address": "0x598394a4",
            "name": "@Madexcept@GetThreadStackTrace$qqruiooop49System@%DynamicArray$t24Madstacktrace@TStackItem%57System@%DelphiInterface$t29Madnvprgralert@IProgressAlert%opuit8pop52System@%DynamicArray$t27System@%AnsiStringT$us$i0$%%",
            "ordinal": 77
          },
          {
            "address": "0x5981f9b8",
            "name": "@Madexcept@HandleContactForm$qqr50System@%DelphiInterface$t22Madnvassistant@INVForm%24Madnvassistant@TNVAction50System@%DelphiInterface$t22Madnvassistant@INVItem%50System@%DelphiInterface$t22Madexcept@IMEException%",
            "ordinal": 136
          },
          {
            "address": "0x598344f4",
            "name": "@Madexcept@HandleException$qqr21Madexcept@TExceptTypep14System@TObjectpvouiuip8_CONTEXT23Madexcept@TExceptSourcet2uip27System@%AnsiStringT$us$i0$%",
            "ordinal": 114
          },
          {
            "address": "0x5981ff1c",
            "name": "@Madexcept@HandleScreenshotForm$qqr50System@%DelphiInterface$t22Madnvassistant@INVForm%24Madnvassistant@TNVAction50System@%DelphiInterface$t22Madnvassistant@INVItem%50System@%DelphiInterface$t22Madexcept@IMEException%",
            "ordinal": 135
          },
          {
            "address": "0x5984507c",
            "name": "@Madexcept@HiddenAutoMailing",
            "ordinal": 190
          },
          {
            "address": "0x5983e008",
            "name": "@Madexcept@HookThreads$qqrv",
            "ordinal": 71
          },
          {
            "address": "0x598450c4",
            "name": "@Madexcept@HttpExtensionProcNext",
            "ordinal": 169
          },
          {
            "address": "0x5982a9d4",
            "name": "@Madexcept@HttpUpload$qqr27System@%AnsiStringT$us$i0$%52System@%DelphiInterface$t24Madexcept@IMEAttachments%47System@%DelphiInterface$t19Madexcept@IMEFields%t1t1uit1uioo49System@%DelphiInterface$t21Madexcept@IMESettings%",
            "ordinal": 123
          },
          {
            "address": "0x59845068",
            "name": "@Madexcept@HttpUploadTimeout",
            "ordinal": 195
          },
          {
            "address": "0x5983e5ac",
            "name": "@Madexcept@HyperJumpCallstack$qqr27System@%AnsiStringT$us$i0$%",
            "ordinal": 68
          },
          {
            "address": "0x598450c0",
            "name": "@Madexcept@ISAPIApp_TISAPIApplication_ISAPIHandleException",
            "ordinal": 170
          },
          {
            "address": "0x5981f848",
            "name": "@Madexcept@ImNotFrozen$qqrv",
            "ordinal": 138
          },
          {
            "address": "0x5981f6b4",
            "name": "@Madexcept@InitAntiFreeze$qqrv",
            "ordinal": 141
          },
          {
            "address": "0x5983e818",
            "name": "@Madexcept@InstallUnhandledExceptionFilter$qqrv",
            "ordinal": 67
          },
          {
            "address": "0x598391ec",
            "name": "@Madexcept@IsThreadSuspended$qqruiui",
            "ordinal": 80
          },
          {
            "address": "0x59835284",
            "name": "@Madexcept@IsUserAdmin$qqrv",
            "ordinal": 95
          },
          {
            "address": "0x59824adc",
            "name": "@Madexcept@MESettings$qqrpv",
            "ordinal": 133
          },
          {
            "address": "0x59824a18",
            "name": "@Madexcept@MESettings$qqrui",
            "ordinal": 134
          },
          {
            "address": "0x59824bfc",
            "name": "@Madexcept@MESettings$qqrv",
            "ordinal": 132
          },
          {
            "address": "0x59827cb0",
            "name": "@Madexcept@MxLookup$qqr27System@%AnsiStringT$us$i0$%",
            "ordinal": 126
          },
          {
            "address": "0x598185ac",
            "name": "@Madexcept@NameThread$qqrui27System@%AnsiStringT$us$i0$%",
            "ordinal": 150
          },
          {
            "address": "0x59825d10",
            "name": "@Madexcept@NewAttachments$qqrv",
            "ordinal": 130
          },
          {
            "address": "0x5983baf4",
            "name": "@Madexcept@NewException$qqr21Madexcept@TExceptTypep14System@TObjectpvouiuiuip8_CONTEXT55System@%DelphiInterface$t27Madexcept@IMEModuleSettings%23Madexcept@TExceptSourcet2uit3o",
            "ordinal": 74
          },
          {
            "address": "0x59825628",
            "name": "@Madexcept@NewFields$qqrv",
            "ordinal": 131
          },
          {
            "address": "0x59845074",
            "name": "@Madexcept@NoOnlineCheck",
            "ordinal": 192
          },
          {
            "address": "0x59845048",
            "name": "@Madexcept@OnExceptBoxCreate",
            "ordinal": 207
          },
          {
            "address": "0x5984504c",
            "name": "@Madexcept@OnExceptBoxDestroy",
            "ordinal": 206
          },
          {
            "address": "0x598172e0",
            "name": "@Madexcept@OpenThread$qqruiui",
            "ordinal": 155
          },
          {
            "address": "0x59836300",
            "name": "@Madexcept@PatchInt$qqrpvi",
            "ordinal": 82
          },
          {
            "address": "0x598362b0",
            "name": "@Madexcept@PatchJmp$qqrpvt1",
            "ordinal": 83
          },
          {
            "address": "0x5981f7c4",
            "name": "@Madexcept@PauseFreezeCheck$qqro",
            "ordinal": 139
          },
          {
            "address": "0x59836314",
            "name": "@Madexcept@PauseMadExcept$qqro",
            "ordinal": 81
          },
          {
            "address": "0x5981f404",
            "name": "@Madexcept@PauseMeEventually$qqrv",
            "ordinal": 142
          },
          {
            "address": "0x5984603c",
            "name": "@Madexcept@Plugins",
            "ordinal": 186
          },
          {
            "address": "0x5982c8f0",
            "name": "@Madexcept@PrintBugReport$qqr27System@%AnsiStringT$us$i0$%ui49System@%DelphiInterface$t21Madexcept@IMESettings%",
            "ordinal": 118
          },
          {
            "address": "0x59845050",
            "name": "@Madexcept@ProcessMainThreadId",
            "ordinal": 201
          },
          {
            "address": "0x59845070",
            "name": "@Madexcept@ProxyServer",
            "ordinal": 193
          },
          {
            "address": "0x5981e7cc",
            "name": "@Madexcept@PutAssisIntoBugReport$qqr55System@%DelphiInterface$t27Madnvassistant@INVAssistant%50System@%DelphiInterface$t22Madexcept@IMEException%",
            "ordinal": 143
          },
          {
            "address": "0x598450a4",
            "name": "@Madexcept@Qforms_TApplication_HandleException",
            "ordinal": 177
          },
          {
            "address": "0x598450a8",
            "name": "@Madexcept@Qforms_TApplication_ShowException",
            "ordinal": 176
          },
          {
            "address": "0x59817da4",
            "name": "@Madexcept@RegDelVal$qqrui27System@%AnsiStringT$us$i0$%t2",
            "ordinal": 152
          },
          {
            "address": "0x59817bc0",
            "name": "@Madexcept@RegReadStr$qqrui27System@%AnsiStringT$us$i0$%t2",
            "ordinal": 154
          },
          {
            "address": "0x59817cd0",
            "name": "@Madexcept@RegWriteStr$qqrui27System@%AnsiStringT$us$i0$%t2t2",
            "ordinal": 153
          },
          {
            "address": "0x59834e8c",
            "name": "@Madexcept@RegisterBugReportPlugin$qqr27System@%AnsiStringT$us$i0$%t1pqqrv$20System@UnicodeStringo",
            "ordinal": 100
          },
          {
            "address": "0x59834dc8",
            "name": "@Madexcept@RegisterBugReportPlugin$qqr27System@%AnsiStringT$us$i0$%t1pqqrv$27System@%AnsiStringT$us$i0$%o",
            "ordinal": 101
          },
          {
            "address": "0x59835014",
            "name": "@Madexcept@RegisterBugReportPlugin$qqr27System@%AnsiStringT$us$i0$%t1pqqrx50System@%DelphiInterface$t22Madexcept@IMEException%$20System@UnicodeStringo",
            "ordinal": 98
          },
          {
            "address": "0x59834f50",
            "name": "@Madexcept@RegisterBugReportPlugin$qqr27System@%AnsiStringT$us$i0$%t1pqqrx50System@%DelphiInterface$t22Madexcept@IMEException%$27System@%AnsiStringT$us$i0$%o",
            "ordinal": 99
          },
          {
            "address": "0x59834c74",
            "name": "@Madexcept@RegisterExceptActionHandler$qqrpqqr23Madexcept@TExceptActionx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType",
            "ordinal": 109
          },
          {
            "address": "0x59834c84",
            "name": "@Madexcept@RegisterExceptActionHandler$qqrynpqqr23Madexcept@TExceptActionx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType",
            "ordinal": 108
          },
          {
            "address": "0x59834c24",
            "name": "@Madexcept@RegisterExceptionHandler$qqrpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType22Madexcept@TExceptPhase",
            "ordinal": 113
          },
          {
            "address": "0x59834c34",
            "name": "@Madexcept@RegisterExceptionHandler$qqrynpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType22Madexcept@TExceptPhase",
            "ordinal": 112
          },
          {
            "address": "0x59834cc4",
            "name": "@Madexcept@RegisterHiddenExceptionHandler$qqrpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType",
            "ordinal": 105
          },
          {
            "address": "0x59834cd4",
            "name": "@Madexcept@RegisterHiddenExceptionHandler$qqrynpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType",
            "ordinal": 104
          },
          {
            "address": "0x59845060",
            "name": "@Madexcept@ResetFpuMode",
            "ordinal": 197
          },
          {
            "address": "0x5982ccf4",
            "name": "@Madexcept@RestartApplication$qqrv",
            "ordinal": 117
          },
          {
            "address": "0x5982b9fc",
            "name": "@Madexcept@SaveBugReport$qqr27System@%AnsiStringT$us$i0$%ui49System@%DelphiInterface$t21Madexcept@IMESettings%",
            "ordinal": 122
          },
          {
            "address": "0x5982c7ac",
            "name": "@Madexcept@SendBugReport$qqr27System@%AnsiStringT$us$i0$%49System@%DelphiInterface$t21Madnvbitmap@INVBitmap%ui49System@%DelphiInterface$t21Madexcept@IMESettings%",
            "ordinal": 120
          },
          {
            "address": "0x59826d0c",
            "name": "@Madexcept@SendMapiMail$qqr27System@%AnsiStringT$us$i0$%t1t152System@%DelphiInterface$t24Madexcept@IMEAttachments%uioo49System@%DelphiInterface$t21Madexcept@IMESettings%",
            "ordinal": 128
          },
          {
            "address": "0x59826f74",
            "name": "@Madexcept@SendShellMail$qqr27System@%AnsiStringT$us$i0$%t1t1",
            "ordinal": 127
          },
          {
            "address": "0x5982a7f0",
            "name": "@Madexcept@SendSmtpMail$qqr27System@%AnsiStringT$us$i0$%t1t1t152System@%DelphiInterface$t24Madexcept@IMEAttachments%t1t1t1uiuioo49System@%DelphiInterface$t21Madexcept@IMESettings%",
            "ordinal": 125
          },
          {
            "address": "0x5981f868",
            "name": "@Madexcept@SetFreezeTimeout$qqrui",
            "ordinal": 137
          },
          {
            "address": "0x5983b938",
            "name": "@Madexcept@SetTopmost$qqruio",
            "ordinal": 75
          },
          {
            "address": "0x59845088",
            "name": "@Madexcept@ShowBugReportKey",
            "ordinal": 187
          },
          {
            "address": "0x59845084",
            "name": "@Madexcept@SmtpMailFrom",
            "ordinal": 188
          },
          {
            "address": "0x598450b4",
            "name": "@Madexcept@SysUtils_InitializePackage",
            "ordinal": 173
          },
          {
            "address": "0x598450b0",
            "name": "@Madexcept@SysUtils_LoadPackage",
            "ordinal": 174
          },
          {
            "address": "0x598450ac",
            "name": "@Madexcept@SysUtils_ShowException",
            "ordinal": 175
          },
          {
            "address": "0x598450d0",
            "name": "@Madexcept@System_ExceptionHandler",
            "ordinal": 166
          },
          {
            "address": "0x598450cc",
            "name": "@Madexcept@System_FinalizeUnits",
            "ordinal": 167
          },
          {
            "address": "0x598450c8",
            "name": "@Madexcept@System_InitUnits",
            "ordinal": 168
          },
          {
            "address": "0x598450d4",
            "name": "@Madexcept@System_runErrMsg",
            "ordinal": 165
          },
          {
            "address": "0x598350d8",
            "name": "@Madexcept@UnregisterBugReportPlugin$qqr27System@%AnsiStringT$us$i0$%",
            "ordinal": 97
          },
          {
            "address": "0x59834ca0",
            "name": "@Madexcept@UnregisterExceptActionHandler$qqrpqqr23Madexcept@TExceptActionx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v",
            "ordinal": 107
          },
          {
            "address": "0x59834cac",
            "name": "@Madexcept@UnregisterExceptActionHandler$qqrynpqqr23Madexcept@TExceptActionx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v",
            "ordinal": 106
          },
          {
            "address": "0x59834c50",
            "name": "@Madexcept@UnregisterExceptionHandler$qqrpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v",
            "ordinal": 111
          },
          {
            "address": "0x59834c5c",
            "name": "@Madexcept@UnregisterExceptionHandler$qqrynpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v",
            "ordinal": 110
          },
          {
            "address": "0x59834cf0",
            "name": "@Madexcept@UnregisterHiddenExceptionHandler$qqrpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v",
            "ordinal": 103
          },
          {
            "address": "0x59834cfc",
            "name": "@Madexcept@UnregisterHiddenExceptionHandler$qqrynpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v",
            "ordinal": 102
          },
          {
            "address": "0x5984409c",
            "name": "@Madexcept@initialization$qqrv",
            "ordinal": 65
          },
          {
            "address": "0x5983e2f0",
            "name": "@Madexcept@madTraceProcess$qqsi",
            "ordinal": 69
          },
          {
            "address": "0x598435c0",
            "name": "@Madexcept_@@GetPackageInfoTable$qqrv",
            "ordinal": 239
          },
          {
            "address": "0x598435c8",
            "name": "@Madexcept_@@PackageLoad$qqrv",
            "ordinal": 238
          },
          {
            "address": "0x598435d4",
            "name": "@Madexcept_@@PackageUnload$qqrv",
            "ordinal": 237
          },
          {
            "address": "0x59844244",
            "name": "@Madexcept_@initialization$qqrv",
            "ordinal": 236
          },
          {
            "address": "0x59840828",
            "name": "@Madlinkdisasm@Finalization$qqrv",
            "ordinal": 223
          },
          {
            "address": "0x598440ec",
            "name": "@Madlinkdisasm@initialization$qqrv",
            "ordinal": 222
          },
          {
            "address": "0x5984295c",
            "name": "@Madlisthardware@Finalization$qqrv",
            "ordinal": 231
          },
          {
            "address": "0x598426c8",
            "name": "@Madlisthardware@GetHardwareList$qqrv",
            "ordinal": 232
          },
          {
            "address": "0x598441bc",
            "name": "@Madlisthardware@initialization$qqrv",
            "ordinal": 230
          },
          {
            "address": "0x59840cec",
            "name": "@Madlistmodules@Finalization$qqrv",
            "ordinal": 225
          },
          {
            "address": "0x598408a8",
            "name": "@Madlistmodules@GetModuleList$qqrv",
            "ordinal": 226
          },
          {
            "address": "0x59844104",
            "name": "@Madlistmodules@initialization$qqrv",
            "ordinal": 224
          },
          {
            "address": "0x59841aac",
            "name": "@Madlistprocesses@Finalization$qqrv",
            "ordinal": 228
          },
          {
            "address": "0x59841690",
            "name": "@Madlistprocesses@GetProcessList$qqrv",
            "ordinal": 229
          },
          {
            "address": "0x5984415c",
            "name": "@Madlistprocesses@initialization$qqrv",
            "ordinal": 227
          },
          {
            "address": "0x59845030",
            "name": "@Madmapfile@CMapFileStreamDescriptor",
            "ordinal": 17
          },
          {
            "address": "0x59807504",
            "name": "@Madmapfile@Finalization$qqrv",
            "ordinal": 2
          },
          {
            "address": "0x59806e18",
            "name": "@Madmapfile@FindMapFile$qqrpv",
            "ordinal": 7
          },
          {
            "address": "0x59807048",
            "name": "@Madmapfile@GetMapFileInfos$qqrpvr27System@%AnsiStringT$us$i0$%t2t2rpvri",
            "ordinal": 4
          },
          {
            "address": "0x59807158",
            "name": "@Madmapfile@GetMyProcName$qqro",
            "ordinal": 3
          },
          {
            "address": "0x59806f90",
            "name": "@Madmapfile@LoadMapFile$qqr27System@%AnsiStringT$us$i0$%o",
            "ordinal": 6
          },
          {
            "address": "0x59806fec",
            "name": "@Madmapfile@LoadMapFileEx$qqr27System@%AnsiStringT$us$i0$%o",
            "ordinal": 5
          },
          {
            "address": "0x59802400",
            "name": "@Madmapfile@TMapFile@",
            "ordinal": 19
          },
          {
            "address": "0x59805c48",
            "name": "@Madmapfile@TMapFile@$bctr$qqro27System@%AnsiStringT$us$i0$%uioo",
            "ordinal": 16
          },
          {
            "address": "0x598068fc",
            "name": "@Madmapfile@TMapFile@Export$qqrooo",
            "ordinal": 8
          },
          {
            "address": "0x59806358",
            "name": "@Madmapfile@TMapFile@FindLine$qqrpv",
            "ordinal": 10
          },
          {
            "address": "0x59806364",
            "name": "@Madmapfile@TMapFile@FindLine$qqrpvrpv",
            "ordinal": 9
          },
          {
            "address": "0x5980631c",
            "name": "@Madmapfile@TMapFile@FindPublic$qqri",
            "ordinal": 11
          },
          {
            "address": "0x598060c4",
            "name": "@Madmapfile@TMapFile@FindPublic$qqro27System@%AnsiStringT$us$i0$%t2o",
            "ordinal": 12
          },
          {
            "address": "0x59805fcc",
            "name": "@Madmapfile@TMapFile@FindPublic$qqrpv",
            "ordinal": 13
          },
          {
            "address": "0x59805f90",
            "name": "@Madmapfile@TMapFile@FindSegment$qqri",
            "ordinal": 14
          },
          {
            "address": "0x59805e7c",
            "name": "@Madmapfile@TMapFile@FindSegment$qqropv",
            "ordinal": 15
          },
          {
            "address": "0x59844034",
            "name": "@Madmapfile@initialization$qqrv",
            "ordinal": 1
          },
          {
            "address": "0x59816408",
            "name": "@Madnvassistant@CreateAssistant$qqr27System@%AnsiStringT$us$i0$%px27System@%AnsiStringT$us$i0$%xi45System@%DelphiInterface$t17System@IInterface%",
            "ordinal": 50
          },
          {
            "address": "0x59816610",
            "name": "@Madnvassistant@Finalization$qqrv",
            "ordinal": 48
          },
          {
            "address": "0x5984503c",
            "name": "@Madnvassistant@HandleContactFormProc",
            "ordinal": 52
          },
          {
            "address": "0x59845040",
            "name": "@Madnvassistant@HandleScreenshotFormProc",
            "ordinal": 51
          },
          {
            "address": "0x598164a0",
            "name": "@Madnvassistant@LoadAssistant$qqrui27System@%AnsiStringT$us$i0$%px27System@%AnsiStringT$us$i0$%xi45System@%DelphiInterface$t17System@IInterface%",
            "ordinal": 49
          },
          {
            "address": "0x59845038",
            "name": "@Madnvassistant@OnAssistantCreate",
            "ordinal": 53
          },
          {
            "address": "0x59844094",
            "name": "@Madnvassistant@initialization$qqrv",
            "ordinal": 47
          },
          {
            "address": "0x5980fb08",
            "name": "@Madnvbitmap@Finalization$qqrv",
            "ordinal": 42
          },
          {
            "address": "0x5980f954",
            "name": "@Madnvbitmap@LoadBitmap$qqr27System@%AnsiStringT$us$i0$%",
            "ordinal": 44
          },
          {
            "address": "0x5980fa50",
            "name": "@Madnvbitmap@ScreenShot$qqro",
            "ordinal": 43
          },
          {
            "address": "0x5984408c",
            "name": "@Madnvbitmap@initialization$qqrv",
            "ordinal": 41
          },
          {
            "address": "0x598084cc",
            "name": "@Madnvprgralert@Finalization$qqrv",
            "ordinal": 26
          },
          {
            "address": "0x59808450",
            "name": "@Madnvprgralert@NewProgressAlert$qqr27System@%AnsiStringT$us$i0$%uit1",
            "ordinal": 27
          },
          {
            "address": "0x5984407c",
            "name": "@Madnvprgralert@initialization$qqrv",
            "ordinal": 25
          },
          {
            "address": "0x598085e8",
            "name": "@Madstacktrace@BcbTermination@",
            "ordinal": 37
          },
          {
            "address": "0x5980c914",
            "name": "@Madstacktrace@FastMM_LogStackTrace$qqrpvipcoooo",
            "ordinal": 32
          },
          {
            "address": "0x5980cec4",
            "name": "@Madstacktrace@Finalization$qqrv",
            "ordinal": 30
          },
          {
            "address": "0x598095cc",
            "name": "@Madstacktrace@InternalError$qqr27System@%AnsiStringT$us$i0$%oo",
            "ordinal": 34
          },
          {
            "address": "0x5980cdd8",
            "name": "@Madstacktrace@PrepareStackTrace$qqruiuiuipvor52System@%DynamicArray$t27Madstacktrace@TPreStackItem%",
            "ordinal": 31
          },
          {
            "address": "0x59809308",
            "name": "@Madstacktrace@StackAddrToStr$qqrpvoo",
            "ordinal": 35
          },
          {
            "address": "0x5980c2a8",
            "name": "@Madstacktrace@StackTrace$qqrooop49System@%DynamicArray$t24Madstacktrace@TStackItem%pvoouiuit5ppvtbtb57System@%DelphiInterface$t29Madnvprgralert@IProgressAlert%uioot5popuitktjp52System@%DynamicArray$t27System@%AnsiStringT$us$i0$%%o",
            "ordinal": 33
          },
          {
            "address": "0x59844084",
            "name": "@Madstacktrace@initialization$qqrv",
            "ordinal": 29
          },
          {
            "address": "0x598435d4",
            "name": "Finalize",
            "ordinal": 240
          },
          {
            "address": "0x598435c8",
            "name": "Initialize",
            "ordinal": 241
          },
          {
            "address": "0x5983e2f0",
            "name": "madTraceProcess",
            "ordinal": 221
          }
        ],
        "dirents": [
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
            "virtual_address": "0x0004d000",
            "size": "0x00003b7b"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
            "virtual_address": "0x0005afac",
            "size": "0x000005e4"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
            "virtual_address": "0x00056000",
            "size": "0x000035ac"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
            "virtual_address": "0x00053a00",
            "size": "0x00001940"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
            "virtual_address": "0x0005af54",
            "size": "0x00000008"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
            "virtual_address": "0x00051000",
            "size": "0x00000022"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_TLS",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IAT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
            "virtual_address": "0x00000000",
            "size": "0x00100000"
          }
        ],
        "sections": [
          {
            "name": ".text",
            "raw_address": "0x00000400",
            "virtual_address": "0x00001000",
            "virtual_size": "0x00043000",
            "size_of_data": "0x00019a00",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "8.00"
          },
          {
            "name": ".itext",
            "raw_address": "0x00019e00",
            "virtual_address": "0x00044000",
            "virtual_size": "0x00001000",
            "size_of_data": "0x00000200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "6.49"
          },
          {
            "name": ".data",
            "raw_address": "0x0001a000",
            "virtual_address": "0x00045000",
            "virtual_size": "0x00001000",
            "size_of_data": "0x00000400",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "6.45"
          },
          {
            "name": ".bss",
            "raw_address": "0x0001a400",
            "virtual_address": "0x00046000",
            "virtual_size": "0x00001000",
            "size_of_data": "0x00000000",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "0.00"
          },
          {
            "name": ".idata",
            "raw_address": "0x0001a400",
            "virtual_address": "0x00047000",
            "virtual_size": "0x00006000",
            "size_of_data": "0x00001800",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "7.77"
          },
          {
            "name": ".edata",
            "raw_address": "0x0001bc00",
            "virtual_address": "0x0004d000",
            "virtual_size": "0x00004000",
            "size_of_data": "0x00003c00",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "5.60"
          },
          {
            "name": ".rdata",
            "raw_address": "0x0001f800",
            "virtual_address": "0x00051000",
            "virtual_size": "0x00001000",
            "size_of_data": "0x00000200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "0.61"
          },
          {
            "name": ".reloc",
            "raw_address": "0x0001fa00",
            "virtual_address": "0x00052000",
            "virtual_size": "0x00004000",
            "size_of_data": "0x00002a00",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "7.87"
          },
          {
            "name": ".rsrc",
            "raw_address": "0x00022400",
            "virtual_address": "0x00056000",
            "virtual_size": "0x00004000",
            "size_of_data": "0x00003600",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "7.93"
          },
          {
            "name": ".aspack",
            "raw_address": "0x00025a00",
            "virtual_address": "0x0005a000",
            "virtual_size": "0x00002000",
            "size_of_data": "0x00001600",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "5.95"
          },
          {
            "name": ".adata",
            "raw_address": "0x00027000",
            "virtual_address": "0x0005c000",
            "virtual_size": "0x00001000",
            "size_of_data": "0x00000000",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "0.00"
          }
        ],
        "overlay": null,
        "resources": [
          {
            "name": "MAD",
            "offset": "0x000561f0",
            "size": "0x00000014",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "3.54"
          },
          {
            "name": "MAD",
            "offset": "0x00056204",
            "size": "0x000031ac",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "7.98"
          },
          {
            "name": "RT_RCDATA",
            "offset": "0x000593b0",
            "size": "0x00000044",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "5.72"
          },
          {
            "name": "RT_RCDATA",
            "offset": "0x000593f4",
            "size": "0x000000ec",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "7.00"
          },
          {
            "name": "RT_RCDATA",
            "offset": "0x000594e0",
            "size": "0x0000009c",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "6.40"
          },
          {
            "name": "RT_RCDATA",
            "offset": "0x0005957c",
            "size": "0x00000030",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "5.16"
          }
        ],
        "versioninfo": [],
        "imphash": "ff09d2fae397b6d7a0c71974690d55d9",
        "timestamp": "2009-09-15 16:20:46",
        "icon": null,
        "icon_hash": null,
        "icon_fuzzy": null,
        "icon_dhash": null,
        "imported_dll_count": 11
      },
      "data": null,
      "strings": [
        "no!+d",
        "qw\\+H",
        "@Madexcept@SysUtils_LoadPackage",
        "@Madexcept@BcbMemcpy",
        "Y4Sni",
        "k)+Oe0",
        "ShellExecuteExA",
        "wi:!W",
        "@Madexcept@RegisterBugReportPlugin$qqr27System@%AnsiStringT$us$i0$%t1pqqrv$20System@UnicodeStringo",
        "mgkky",
        "vB|fT",
        "3H.k{0",
        ">68:T",
        "W<lGn",
        "('H3vA",
        "@Madexcept@UnregisterHiddenExceptionHandler$qqrpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v",
        "$AGX0",
        "b{gzr",
        "I!=uMX^",
        "dg6j4b",
        "@Madexcept@RegisterBugReportPlugin$qqr27System@%AnsiStringT$us$i0$%t1pqqrx50System@%DelphiInterface$t22Madexcept@IMEException%$20System@UnicodeStringo",
        "@$xp$23Madexcept@TExceptSource",
        "@Madexcept@BcbExceptionHandler",
        "comdlg32.dll",
        "&iUS\\",
        "(e&!~",
        "hhWAs",
        "TextOutA",
        "SqHgQ",
        "fT{h;",
        "TB[mR",
        "@$xp$29Madnvassistant@TNVModalResult",
        "@Madexcept@GetAllocatedMemory$qqrv",
        "@Madexcept@CreateBugReport$qqr21Madexcept@TExceptTypep14System@TObjectpvuiuiuip8_CONTEXTo55System@%DelphiInterface$t27Madexcept@IMEModuleSettings%23Madexcept@TExceptSourcet2uit3",
        "@Madexcept@BcbInitExceptBlockLDTC",
        "}l\\v-",
        "@Madexcept@initialization$qqrv",
        "@Madnvassistant@CreateAssistant$qqr27System@%AnsiStringT$us$i0$%px27System@%AnsiStringT$us$i0$%xi45System@%DelphiInterface$t17System@IInterface%",
        "@Madnvbitmap@initialization$qqrv",
        "Hw&YY",
        "@Madstacktrace@StackTrace$qqrooop49System@%DynamicArray$t24Madstacktrace@TStackItem%pvoouiuit5ppvtbtb57System@%DelphiInterface$t29Madnvprgralert@IProgressAlert%uioot5popuitktjp52System@%DynamicArray$t27System@%AnsiStringT$us$i0$%%o",
        "OjbQ=",
        "H0RT8u",
        "@Madexcept@DontReformatExcMsg",
        "zMFX>",
        "aEPW8@",
        "=`g}zLde",
        "X)h{p==",
        "joJa'b",
        "*)q:D",
        "@Madlistprocesses@initialization$qqrv",
        "i3f+%",
        "pOvr`",
        "a|X^K",
        "D\"!}Zt",
        "> >0>88",
        "S5Yn_",
        "@$xp$24Madstacktrace@TStackItem",
        "SQs(h",
        "&Tt}!",
        "IoorH4",
        "N]i(F",
        "kTUj2g",
        "CI3'fC",
        ",]P@k",
        "@Madexcept@DetectConsole",
        "@Madexcept@UnregisterExceptActionHandler$qqrynpqqr23Madexcept@TExceptActionx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v",
        "@Madnvassistant@HandleContactFormProc",
        "_xLIG",
        "Gr3sW",
        "@Madexcept@System_ExceptionHandler",
        "MG%/V",
        "\"$32e",
        "8%!^v",
        "&OnhE",
        "B)dR9I",
        "@System@initialization$qqrv",
        "@Madexcept@CheckExceptParams$qqrrp14System@TObjectrpvt2rp8_CONTEXT",
        "XD4~`",
        ")y:he",
        "I,`\\z9",
        ",;F0s",
        "x=6@D",
        "ib)8G",
        "@Madexcept@GetThreadName$qqrui",
        "cQ)Rl",
        "\\K\"]R#",
        "4+5:mN",
        "]>/eDr",
        "/vN\\S",
        "@Madnvassistant@Finalization$qqrv",
        "UWLh0)",
        "-HRhlK",
        "e^(D1",
        ".rdata",
        "pkCnT",
        "@Madexcept@HiddenAutoMailing",
        "_xhm,i>",
        "USWXMTKV[\\YZ]",
        "/e!y{Ay",
        "@Madexcept@Forms_TApplication_HandleException",
        "@Madexcept@RegWriteStr$qqrui27System@%AnsiStringT$us$i0$%t2t2",
        "4Z8sJ",
        "@Madlistprocesses@GetProcessList$qqrv",
        "@Madexcept@SaveBugReport$qqr27System@%AnsiStringT$us$i0$%ui49System@%DelphiInterface$t21Madexcept@IMESettings%",
        "B\\&p>",
        "->:;m--9",
        "@Madexcept@NewFields$qqrv",
        "{SY8[",
        "Hj* DTC",
        "<v xp",
        "I}V-/",
        "@Madexcept@RegisterHiddenExceptionHandler$qqrynpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType",
        "yEuJiC",
        "=c,h[:",
        "maddisasm_.bpl",
        "@Madexcept@CGIApp_TCGIApplication_CGIHandleException",
        "@Madexcept@ExpandVars$qqruir27System@%AnsiStringT$us$i0$%27System@%AnsiStringT$us$i0$%t3t3",
        "R,BII",
        "@Madexcept@HandleContactForm$qqr50System@%DelphiInterface$t22Madnvassistant@INVForm%24Madnvassistant@TNVAction50System@%DelphiInterface$t22Madnvassistant@INVItem%50System@%DelphiInterface$t22Madexcept@IMEException%",
        "I%>F<GQA",
        ";L|Jf VkIUW;s,/",
        "@Madexcept@SendMapiMail$qqr27System@%AnsiStringT$us$i0$%t1t152System@%DelphiInterface$t24Madexcept@IMEAttachments%uioo49System@%DelphiInterface$t21Madexcept@IMESettings%",
        "CreateWindowExA",
        "wG)7m",
        ">\"ICr",
        "?sG5sG",
        "h|,CZ",
        "V}\"=j",
        "M)No;",
        "W@3iG",
        "Y> jx",
        "@Maddumpobj@DumpObj$qqrp14System@TObject",
        "e!=?b",
        "@Madexcept@Get9xResourceReport$qqrv",
        "`jinmfe@D",
        "<(tHW",
        "@Madexcept@GetProgramUpTime$qqrv",
        "@Madlistmodules@initialization$qqrv",
        "e%a\"pJ",
        "@Madexcept@UnregisterBugReportPlugin$qqr27System@%AnsiStringT$us$i0$%",
        "JuUOa",
        "@\\>bt!7",
        "NN>?%",
        "ls]se",
        "EWlr(",
        "[1]<{",
        "7RQTaTt",
        "]|0cb",
        "0tm!z",
        "~_\"T\\",
        "L}b2#",
        "@Madexcept@ResetFpuMode",
        "Initialize",
        "Oc2Xi",
        "!\"4(m ",
        "jT1}X",
        "@Madexcept@MxLookup$qqr27System@%AnsiStringT$us$i0$%",
        "P\\nDMrL_",
        "ksp0u",
        "sWB<y",
        "%~!2ZO",
        "@Madexcept_@@GetPackageInfoTable$qqrv",
        "|Ql|DIf",
        "comctl32.dll",
        "D365m",
        "PB,<+*",
        "[e|C2!",
        "@$xp$22Madexcept@Madexcept__2",
        "@Madmapfile@GetMyProcName$qqro",
        "X~RH?l",
        "3^^B/",
        "wJ\"h,5",
        "}#}Bd",
        "-Zr&UkN)O|E",
        "4zMlj",
        ">k<^L",
        "CALIBRATE",
        "%y+$=J",
        "\\1a^.",
        "@Madexcept@ShowBugReportKey",
        "I|/\\(",
        "]4|S[",
        "@$xp$26Madnvassistant@INVCheckBox",
        "@Madexcept@HyperJumpCallstack$qqr27System@%AnsiStringT$us$i0$%",
        "U#4Nn",
        "BBuo@",
        "^P,}Q",
        "~T0&z",
        "@Madmapfile@TMapFile@FindSegment$qqropv",
        "H_,f;",
        "uB$<t",
        "ElR0M6",
        "qn}?|",
        "[XPi+ ",
        "P]E'@N",
        "@Madexcept@CalibrateCode$qqrv",
        "KGB-!",
        "@$xp$26Madnvassistant@TOutputType",
        "&U[Wv/",
        "%:9%]",
        "\"G7w<zd6Cy",
        "@$xp$23Madmapfile@_TMapFile@_2",
        "@Maddisasm@initialization$qqrv",
        ";n&3 ",
        "@Madexcept@BcbThrowExceptionLDTC",
        "Qe0ji",
        "p^LGk",
        "cWGBy",
        "@Madexcept@AutoSendBugReport$qqr27System@%AnsiStringT$us$i0$%49System@%DelphiInterface$t21Madnvbitmap@INVBitmap%49System@%DelphiInterface$t21Madexcept@IMESettings%",
        "@Madexcept@ImNotFrozen$qqrv",
        "user32.dll",
        "@$xp$24Madexcept@IMEAttachments",
        "@Madexcept@ForceUtf8",
        "N,(t&3%>",
        "*'<4b}",
        "@Madexcept@BcbPTerminate",
        "@$xp$21Madnvbitmap@INVBitmap",
        "!7#\"5>",
        "@$xp$23Madnvassistant@INVImage",
        "XCtz*",
        "G5*$n",
        ">,?eL",
        "@Madexcept@GetThreadList$qqrv",
        "@Madlinkdisasm@initialization$qqrv",
        ";y n}",
        "@Madexcept@System_FinalizeUnits",
        "@Madmapfile@TMapFile@FindLine$qqrpv",
        "-_q_uY!",
        "@Madexcept@System_InitUnits",
        "@Madexcept@Qforms_TApplication_ShowException",
        "@4v~a",
        "@Madmapfile@Finalization$qqrv",
        "R8I%(0",
        "$MP(p",
        "C/][zj",
        "@Madexcept@CloseApplication$qqrv",
        "@Madexcept@UnregisterHiddenExceptionHandler$qqrynpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v",
        "LoadLibraryA",
        "@Madexcept@DontHookThreads$qqrv",
        "@Madexcept@MESettings$qqrpv",
        "SHGetPathFromIDListA",
        "ma$L{",
        "-x.][",
        "@3_By",
        "H+`03",
        "V,4Bc",
        "/swa/t",
        "7Lu,G",
        "c(u4`",
        "11-:$",
        "AEy,(",
        "B@!y`",
        ".rsrc",
        "mXURv&",
        "@$xp$22Madnvassistant@INVItem",
        "@Madmapfile@LoadMapFileEx$qqr27System@%AnsiStringT$us$i0$%o",
        "wsprintfA",
        "~M2!> z",
        "F;M-\\/",
        " #W}N",
        "xgtIv",
        "P_PRn",
        "@Madexcept@DecryptPassword$qqr27System@%AnsiStringT$us$i0$%t1t1",
        "GDi%`Q",
        "I\"e}TS'pz",
        "@Madnvprgralert@Finalization$qqrv",
        "^)*<%",
        "ZiL~8",
        "@Madexcept@GetMemoryStatus$qqrv",
        "@Madexcept@GetTSClientName$qqrv",
        "rd)yj",
        "@Madexcept@HttpUpload$qqr27System@%AnsiStringT$us$i0$%52System@%DelphiInterface$t24Madexcept@IMEAttachments%47System@%DelphiInterface$t19Madexcept@IMEFields%t1t1uit1uioo49System@%DelphiInterface$t21Madexcept@IMESettings%",
        "@Madmapfile@CMapFileStreamDescriptor",
        "mm*Mi5",
        "mtoKS;",
        "#dB-5",
        "psgWh",
        "B7Xs\"",
        "%F\"I,",
        "8ZTu(",
        "drU#f",
        "}6F$yA",
        "XP.YQW",
        "3`\\n)",
        "\"+^b<(",
        "Kq^~Q",
        "gT}e=",
        "p'mLHWI",
        "B/^ep2",
        "Iz0w4M",
        "@Madexcept@MESettings$qqrv",
        "9XRGX",
        "t\\%47A",
        "ei}_9",
        "@Madexcept@ProcessMainThreadId",
        "v@YU#'",
        ")=}i1g",
        ":ftxO",
        "madExcept_.bpl",
        "LNl/t",
        "b[pf,_|'m",
        "T\\Iu#",
        ";>H>mfat",
        "@$xp$27Madexcept@IMEModuleSettings",
        "@Madexcept@RegisterExceptActionHandler$qqrynpqqr23Madexcept@TExceptActionx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType",
        "bEY)XH",
        "1sD(a",
        "fA9)-",
        "@$xp$24Madnvassistant@TNVAction",
        "+BK9~",
        "KUX y",
        "@Madexcept@GetOsVersionString$qqrv",
        "@Madlistprocesses@Finalization$qqrv",
        "=yw-.",
        "YGP'~ ",
        "#!V@_$",
        "@Madexcept@SetTopmost$qqruio",
        "@Variants@initialization$qqrv",
        "jl$3:",
        "h}!>!G<B",
        "^|YQ^W",
        "A\"3@J",
        ">c0F.o",
        "c*RBG",
        ":jhty",
        "ysjpM",
        "(?k%b",
        "(* K7",
        "@Madstacktrace@Finalization$qqrv",
        "=+<.?V",
        ">;%\"[",
        "+z1^0",
        "Pr;,>MT",
        "D4l|M",
        "vFQS:<",
        "nd~Od6",
        "@Maddumpobj@Finalization$qqrv",
        ",p2?aX",
        "7^zWU3l;",
        "PACKAGEOPTIONS",
        "PrintDlgW",
        "9i#(h",
        "@Madexcept@GetDisplayModeString$qqrv",
        "&+,WA",
        "@Madexcept@PauseFreezeCheck$qqro",
        "8pKUV",
        "dbxsW",
        "}_u393:x",
        "1/3204.)+*(",
        "\"YQ2]",
        "D$$W3",
        "\"Uw!H!8",
        ">9#dc[",
        ".edata",
        "Gm;z28:F",
        "@Madexcept@MESettings$qqrui",
        "@Madexcept@BcbCallTerminate",
        "apt9E",
        "X%h?^+",
        "&X88Z",
        "@Madexcept@OnExceptBoxCreate",
        "m9riV`s",
        "kc|`b",
        "@Madexcept@SendBugReport$qqr27System@%AnsiStringT$us$i0$%49System@%DelphiInterface$t21Madnvbitmap@INVBitmap%ui49System@%DelphiInterface$t21Madexcept@IMESettings%",
        " \\W`0",
        "4g,,8qGF",
        "Ptn45E",
        "@Madnvbitmap@LoadBitmap$qqr27System@%AnsiStringT$us$i0$%",
        "k#U?0km:{;~",
        "@$xp$30Madexcept@TExceptActionEventOO",
        "@Madexcept@HttpExtensionProcNext",
        "@Madexcept@RegisterExceptionHandler$qqrpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType22Madexcept@TExceptPhase",
        "!+V] o",
        "b]|{O",
        "\"LHklH",
        ")Th*M",
        "@+E/=",
        "^WBWy",
        "n'2C\\q",
        "3?dkh=",
        "Yc |W",
        "&0Gx|",
        "@Madexcept@Plugins",
        "7-7/#",
        "-r`P+X",
        "iw7;}.H",
        "a,b%P",
        ">2v^N",
        "lnU8jZss/F",
        "@xpZI1",
        "r+v;V",
        "XW&1]",
        "@Madexcept@CloseAntiFreeze$qqrv",
        "kernel32.dll",
        "@Madexcept@InitAntiFreeze$qqrv",
        " (08@P`p",
        "&u;w{",
        "jxz0p_",
        "@Madexcept@Finalization$qqrv",
        "@Madexcept@SmtpMailFrom",
        "9{F9z",
        ".adata",
        "S8U[*",
        "~0h=UP",
        "GetModuleHandleA",
        "3)b/I3",
        "}+`S3",
        "qf{E9",
        "3wb,-",
        "smX6/F\"",
        "ML<Nt",
        "@Madexcept_@@PackageUnload$qqrv",
        "@*)]U9",
        "@Madexcept@OpenThread$qqruiui",
        "\\)$-PO",
        "^rK$s",
        ".)$O4",
        ",K6+2",
        "iS/{M~Fd",
        "GWwh{O3",
        "f7!O6e",
        "yd=7aH",
        "C65ge",
        "H]u~j",
        "ENvKH",
        "EXCEPT",
        "q~`H ",
        "=!G]r.",
        "877,.)9",
        "[=cJ\"",
        "VirtualAlloc",
        "6M)>I",
        "-oFYz",
        "%$A(0e",
        "t\"VF t",
        ".y#<<s",
        "R~C[2",
        "-$/L!",
        "yw4?>vt",
        "@Madmapfile@TMapFile@FindLine$qqrpvrpv",
        "?+3mZI",
        "-F_=$",
        "l8ocaQ$1!",
        "@Madexcept@GetThreadStackTrace$qqruiooop49System@%DynamicArray$t24Madstacktrace@TStackItem%57System@%DelphiInterface$t29Madnvprgralert@IProgressAlert%opuit8pop52System@%DynamicArray$t27System@%AnsiStringT$us$i0$%%",
        "KrnpB",
        "6}Bq.5",
        "@Madexcept@PrintBugReport$qqr27System@%AnsiStringT$us$i0$%ui49System@%DelphiInterface$t21Madexcept@IMESettings%",
        "m72y ",
        "@Madmapfile@TMapFile@Export$qqrooo",
        "@Madstrings@initialization$qqrv",
        "@Madcrypt@Decode$qqr27System@%AnsiStringT$us$i0$%",
        "ltM:f&",
        "TvGl$/i",
        "@Madmapfile@TMapFile@FindPublic$qqri",
        "@Madnvprgralert@NewProgressAlert$qqr27System@%AnsiStringT$us$i0$%uit1",
        "W`$i#",
        "@g~Yi",
        ".data",
        "@Madexcept@SysUtils_ShowException",
        ",oB7&Q6",
        "PABqXW",
        "\\T]EX>",
        "{=TM=",
        "c0.}0+",
        "GWm#9GR",
        "V[T^N",
        "dM.kn",
        "@Madexcept_@@PackageLoad$qqrv",
        "zU=jz",
        "@Sysconst@_SModuleAccessViolation",
        "@Madstacktrace@BcbTermination@",
        "=L? K",
        "@Madexcept@PauseMadExcept$qqro",
        "Q-or.",
        "j55)+o",
        ".text",
        "V3_,^",
        "vmImOS",
        "Es!n[",
        "7gfZK|M",
        "WSACleanup",
        "8\"fqP3",
        "@Madexcept@HookThreads$qqrv",
        ".3)_kHI:",
        "@Madexcept@SendSmtpMail$qqr27System@%AnsiStringT$us$i0$%t1t1t152System@%DelphiInterface$t24Madexcept@IMEAttachments%t1t1t1uiuioo49System@%DelphiInterface$t21Madexcept@IMESettings%",
        "*@D<{o",
        "RSMJ{BTA",
        "QE-HbN",
        "'-G+Z",
        "\\_1rI",
        "mW%Q|",
        "iPW4>",
        "Ja=2z",
        "U8][S",
        "a#L|T\"r$%",
        "GetProcAddress",
        "@Madstacktrace@initialization$qqrv",
        "mEN'=",
        "L\"d\\(-[",
        "@$xp$27Madnvassistant@INVAssistant",
        "@$xp$19Madmapfile@TMapFile",
        "dna<6",
        "@Madexcept@RegisterBugReportPlugin$qqr27System@%AnsiStringT$us$i0$%t1pqqrx50System@%DelphiInterface$t22Madexcept@IMEException%$27System@%AnsiStringT$us$i0$%o",
        "F7uR+",
        "$]icR",
        "TWpMzjL",
        ";T#{#",
        "_a7g?",
        "madbasic_.bpl",
        "0H16L",
        "<C)]o",
        "@Madexcept@Classes_CheckSynchronize",
        "@Madexcept@HttpUploadTimeout",
        "+?f|z",
        "@Madexcept@RegisterHiddenExceptionHandler$qqrpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType",
        "\\`j-Nk",
        "eda][",
        "@Madexcept@CloseAppExitCode",
        "6'_lD",
        "@Madexcept@ProxyServer",
        ".>xL-9",
        "@Madexcept@GetThreadCreatorAddr$qqrui",
        "@Madexcept@DumbStackTrace",
        "B!7bFb",
        "Ll\"o[",
        "GaE6^",
        "@Madexcept@BcbOrgMalloc",
        "7<}O#",
        "rG88Gj@",
        "lb!!4",
        "@Madexcept@SetFreezeTimeout$qqrui",
        ";;F,s",
        "shell32.dll",
        "@Madexcept@FillClipboard$qqr27System@%AnsiStringT$us$i0$%",
        "B3bjh",
        "O>9sU",
        ";9f>/",
        "@$xp$23Madnvassistant@INVLabel",
        "JU-jZ",
        "u?2}-/",
        "@Madnvprgralert@initialization$qqrv",
        "@Madnvbitmap@ScreenShot$qqro",
        "({zs4",
        "z&BT}",
        "ju6x2O",
        "dszx\\^",
        "$#o4?",
        "@Madmapfile@TMapFile@$bctr$qqro27System@%AnsiStringT$us$i0$%uioo",
        "@Madmapfile@FindMapFile$qqrpv",
        "q3>':",
        "aDq64P",
        ")OeB@R6",
        "aJvkz",
        "QOil,",
        "xC=}[",
        "qDodI",
        "@Madexcept@madTraceProcess$qqsi",
        "@Madmapfile@TMapFile@",
        "rVn_98",
        "bR5?n",
        "nAau=",
        "@Madexcept@CalibrateData",
        "SetSecurityDescriptorDacl",
        "|fTQ8K",
        "H<7l1 ",
        "{^2qsJ",
        "@Madexcept@RegisterExceptActionHandler$qqrpqqr23Madexcept@TExceptActionx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType",
        "K,?|o",
        "\\S?o&",
        "@Madnvassistant@OnAssistantCreate",
        "@Madexcept@GetCpuCount$qqrv",
        "6uTN\\",
        "wwf'x",
        "The ordinal %u could not be located in the dynamic link library %s",
        "ohNgc",
        "X}\"6H",
        "V?j{%hh=",
        "r QSw",
        "Y.9Y]]",
        "otg,:",
        ".reloc",
        "<k`b9P ",
        "@Madnvassistant@LoadAssistant$qqrui27System@%AnsiStringT$us$i0$%px27System@%AnsiStringT$us$i0$%xi45System@%DelphiInterface$t17System@IInterface%",
        ":v/5(l",
        "B`p-ay",
        "IK%dO",
        "_p}lwJ",
        "P*0AF",
        "#!k`Aky",
        "6}?./",
        "EMQ#e=k",
        "@$xp$28Madstacktrace@BcbTermination",
        "\"oXqL",
        " ;F4s",
        "PACKAGEINFO",
        "<RNSI&",
        "z%96W}Z",
        "MessageBoxA",
        "@$xp$19Madexcept@TMEDupDef",
        "@'lHr*",
        "*KnAB",
        "x]~D#",
        "The procedure entry point %s could not be located in the dynamic link library %s",
        "pPV0Y",
        "`2\\ko",
        "@GetPackageInfoTable",
        "+f}t]",
        "Yze+j{",
        "@Madexcept@RestartApplication$qqrv",
        "`z!~Fz",
        "ExitProcess",
        "@$xp$24Madexcept@TMEShowSetting",
        "yV^X2",
        "+./b*",
        "@Madexcept@GetOsLanguageString$qqrv",
        "cl8s1",
        "UA(u+JX",
        "8>w{,",
        "ck4)1J",
        "rtl120.bpl",
        "33333K",
        ":XDI!8T:-",
        "@Madexcept@DisAsmFunc",
        "JL\"UEl",
        "t*wlc",
        "madExcept 3.0k  -  www.madshi.net",
        "Au@D{",
        "E!m\"yq!",
        "S6.'3",
        "0G>4?",
        "@$xp$22Madexcept@TExceptPhase",
        "@Madexcept@AmHttpServer",
        "=7'&:?",
        "@Madexcept@RegDelVal$qqrui27System@%AnsiStringT$us$i0$%t2",
        "j,{oBO",
        "CC>jp",
        "LEqHk",
        "#`QO}",
        "@Madexcept@RegisterBugReportPlugin$qqr27System@%AnsiStringT$us$i0$%t1pqqrv$27System@%AnsiStringT$us$i0$%o",
        "SGo/\"",
        "02(<!",
        "jXM6%t",
        "0>h} ",
        "gdi32.dll",
        "(c2#'",
        "@$xp$23Madmapfile@_TMapFile@_1",
        "IuD&%",
        "UJ&De*",
        "AO+:f},",
        "/.p35",
        "N-@O_",
        "pf'.!+qb3",
        "2M,H)",
        "f5H5n5",
        "kxD'%",
        "247QN",
        "@$xp$19Madexcept@IMEFields",
        "fN1>v",
        "MlOZ&#",
        "5@bq>\\6am",
        "@Madmapfile@TMapFile@FindPublic$qqro27System@%AnsiStringT$us$i0$%t2o",
        "O!O=LR",
        "@Madexcept@AddCmdLineToBugRep",
        "DESCRIPTION",
        "}JU>!",
        "pvm2C",
        "&]w4r",
        ">6b)J",
        "pR?~;",
        "S_6 b",
        "@Madexcept@SendShellMail$qqr27System@%AnsiStringT$us$i0$%t1t1",
        "@Madnvassistant@HandleScreenshotFormProc",
        "TMADEXCEPT",
        "/+5h^",
        "rn'ScLly",
        "D=x;{cM",
        "@$xp$24Madnvassistant@INVButton",
        "@Madexcept@UnregisterExceptActionHandler$qqrpqqr23Madexcept@TExceptActionx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v",
        "y=r{7!Z",
        "@$xp$29Madnvprgralert@IProgressAlert",
        "Pll<b)",
        "\\WwzV",
        "3mj!g",
        "+K1M,@",
        "F1b#bN",
        "advapi32.dll",
        "c5}H^",
        "@Madexcept@NoOnlineCheck",
        ".itext",
        "v=umX?SN",
        "lrHW`$",
        "zylBA",
        "xH4tW",
        "@Madexcept@SysUtils_InitializePackage",
        "\\%~dF",
        "<T,A'",
        "N8T<#\"",
        "Rq5s_",
        "@Madstacktrace@InternalError$qqr27System@%AnsiStringT$us$i0$%oo",
        "y\\A[?vUi",
        "@Madnvassistant@initialization$qqrv",
        "Ycd3cch",
        "x'@({",
        "@Madstacktrace@StackAddrToStr$qqrpvoo",
        "avHB`",
        "6qx9Z",
        "%/wxr#j",
        "@$xp$19Madexcept@TSyncType",
        "@$xp$21Madexcept@TExceptType",
        "@Madmapfile@TMapFile@FindSegment$qqri",
        "LOADER ERROR",
        ",sRA~k]",
        "cZ`l@",
        "Ecp'HgU",
        "|(Ri9",
        "@$xp$22Madnvassistant@INVEdit",
        "@$xp$30Madexcept@TBugReportCallbackOO",
        "`5!`$",
        "OAPvKn59",
        "@$xp$22Madexcept@IMEException",
        "@Madexcept@GetExceptBoxHandle$qqrv",
        "qVJmq",
        "uA,>\\",
        "?0rtv",
        "@Madexcept@Ebp$qqrv",
        "@Madexcept@HandleException$qqr21Madexcept@TExceptTypep14System@TObjectpvouiuip8_CONTEXT23Madexcept@TExceptSourcet2uip27System@%AnsiStringT$us$i0$%",
        ">R:f{",
        "n6pnT",
        "EUmy0OO",
        "]8pu,",
        "/+J1e",
        "@Madexcept@GetCpuName$qqrv",
        "@Madexcept@NewException$qqr21Madexcept@TExceptTypep14System@TObjectpvouiuiuip8_CONTEXT55System@%DelphiInterface$t27Madexcept@IMEModuleSettings%23Madexcept@TExceptSourcet2uit3o",
        "@Madtools@initialization$qqrv",
        "@Madzip@Zip$qqr20System@UnicodeStringpx20System@UnicodeStringxix45System@%DynamicArray$t20System@UnicodeString%",
        "@$xp$25Madstacktrace@TStackTrace",
        "RY9x,",
        "Up^']",
        ">J{{{",
        "h!y}>xi",
        ";h1kZ",
        "@Madexcept@GetCrashStackTrace$qqrooop49System@%DynamicArray$t24Madstacktrace@TStackItem%57System@%DelphiInterface$t29Madnvprgralert@IProgressAlert%opuit7pop52System@%DynamicArray$t27System@%AnsiStringT$us$i0$%%",
        "aUo1M",
        "@Madexcept@ISAPIApp_TISAPIApplication_ISAPIHandleException",
        "=w`y<",
        "@Madstacktrace@FastMM_LogStackTrace$qqrpvipcoooo",
        "f*N82!",
        "jolZeXk",
        "JlXPj",
        "3O'fk",
        "m8vl+",
        "4#}gGtc",
        "fx.HJ",
        "@Madlisthardware@GetHardwareList$qqrv",
        "@Madexcept@Esp$qqrv",
        "nvaAR]",
        "Finalize",
        "{ `&[",
        "@Madexcept@Qforms_TApplication_HandleException",
        "IFB3J",
        "vMlNZ",
        "99Vg6",
        "@Madexcept@RegisterExceptionHandler$qqrynpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType22Madexcept@TExceptPhase",
        "@$xp$23Madexcept@TExceptAction",
        "HtzBo;C<",
        "@Madexcept@PutAssisIntoBugReport$qqr55System@%DelphiInterface$t27Madnvassistant@INVAssistant%50System@%DelphiInterface$t22Madexcept@IMEException%",
        "@Madmapfile@initialization$qqrv",
        "@Madnvbitmap@Finalization$qqrv",
        "h8KQGr",
        "B.K0)",
        "@$xp$24Madexcept@TExceptEventOO",
        "$NjPZ6",
        "a0KaI",
        "@Madlistmodules@GetModuleList$qqrv",
        "ZaNt|I,t",
        "@Madexcept@Forms_TApplication_ShowException",
        "}MaI:",
        "@$xp$20Madmapfile@TMfPublic",
        "K&4#d}",
        "NCq7~;1",
        "cdablkpohg",
        "\"0J:b",
        "@Madexcept@DontUseProxy",
        "ZLR.\\",
        "@Typinfo@initialization$qqrv",
        ",$27\\8",
        "^|nl2",
        "y+:P|",
        "I{jME",
        "@Maddumpobj@initialization$qqrv",
        "itz-+",
        "@Madexcept@BcbHelper_GetIntraWebVersion$qqrpv",
        "nX3/&",
        ".idata",
        "@Madlisthardware@initialization$qqrv",
        "1GbQ9",
        "qacTn",
        "@Madexcept@NewAttachments$qqrv",
        "\\~pY?",
        "Nz\"@G",
        "R({Cv",
        "1$W_~",
        "@Madexcept@IsUserAdmin$qqrv",
        "@Madexcept@BugReportHtml",
        "RWG>_M-",
        "d[wvj",
        "%/sn|",
        "@Madexcept@UnregisterExceptionHandler$qqrpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v",
        "mE1;E",
        "}Nks>",
        "{C.K~",
        "@$xp$21Madexcept@IMESettings",
        "|ItkI",
        "]@41U",
        "This program must be run under Win32",
        "@Madexcept@AmOnline$qqro",
        "V|KP&",
        "lNR7E",
        "c;pSa",
        "q+DX:",
        "onZrB",
        "@Madmapfile@TMapFile@FindPublic$qqrpv",
        "h)~/.",
        "Smb_n",
        "%i#fe",
        "@Madstacktrace@PrepareStackTrace$qqruiuiuipvor52System@%DynamicArray$t27Madstacktrace@TPreStackItem%",
        ".:Bj.2Bi",
        "x]wvN",
        "N.?v=",
        "@Varutils@initialization$qqrv",
        "@Madmapfile@LoadMapFile$qqr27System@%AnsiStringT$us$i0$%o",
        "@Madexcept@RegReadStr$qqrui27System@%AnsiStringT$us$i0$%t2",
        ";;%uh",
        "@Sysutils@initialization$qqrv",
        "B-5lr6",
        "^iFO*",
        "^6KSV",
        "fx{mn_",
        "@Madlinkdisasm@Finalization$qqrv",
        ":p;c$",
        "jVTO_",
        "HaDOpG7/",
        "<d~$yh",
        "7S;2(\\",
        "@Madexcept@IsThreadSuspended$qqruiui",
        "Z{b{m",
        "@Madexcept@NameThread$qqrui27System@%AnsiStringT$us$i0$%",
        "h<6}t",
        "@$xp$19Madexcept@TMEButton",
        ";ZPc&",
        "@Madmapfile@GetMapFileInfos$qqrpvr27System@%AnsiStringT$us$i0$%t2t2rpvri",
        "UW*;}E",
        "@Madexcept@AutoSaveBugReport$qqr27System@%AnsiStringT$us$i0$%49System@%DelphiInterface$t21Madexcept@IMESettings%",
        "rH=L*",
        "_JoK`u",
        ":cV}c",
        "@Madexcept@FormatExceptMessage$qqr27System@%AnsiStringT$us$i0$%",
        "b7qGP",
        "pH=aHMk",
        "@Madexcept@PauseMeEventually$qqrv",
        "6_(UK",
        "3n>b7",
        "*W1Ws",
        "@$xp$22Madexcept@Madexcept__1",
        "tbCnZ",
        "(a\"gydU",
        "#_rwL*E",
        "l,tqq",
        "E8@gR",
        "x-#S(",
        "ImageList_Destroy",
        "Hv\\>M",
        "62GSL",
        "#(dCYP",
        "E2'_N",
        "T9Z'j",
        "-~81N",
        "7E,[F",
        "D}ePi",
        "@$xp$22Madnvbitmap@TPngFormat",
        "@Madexcept@GetSystemUpTime$qqrv",
        "|VA]&",
        "@$xp$23Madmapfile@_TMapFile@_3",
        "d}z/;",
        "^}=OCd",
        "1#@mg",
        "VirtualFree",
        "EJj&e",
        "g=JJ_",
        "@Madexcept@PatchInt$qqrpvi",
        "Jah\"T",
        "PP&`Ey",
        "bDkns",
        "a?O[%",
        "T@2ky",
        "C|'Jo",
        "@Madexcept@GetThreadInfos$qqruiruit2t2t2riro",
        "]Ok4dJ",
        ": Xmy",
        "@Madexcept@UnregisterExceptionHandler$qqrynpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v",
        ")8QYf",
        "=eN[^b",
        "Wdu,0",
        "oaZa\\",
        "?z?CU~",
        "H\"GIs",
        "!\\ 5C",
        "@Madlisthardware@Finalization$qqrv",
        "V\\_Y.H",
        "/}p9rWX",
        "@$xp$21Madmapfile@TMfSegment",
        "@$xp$22Madnvassistant@INVForm",
        "@Madexcept@OnExceptBoxDestroy",
        "@Madexcept_@initialization$qqrv",
        "@Madlistmodules@Finalization$qqrv",
        "(#Foc",
        ".aspack",
        "@Madtypes@MadException@$bctr$qqrx20System@UnicodeString",
        "@$xp$29Madstacktrace@TDAPreStackItem",
        "3Ucu>y",
        "1^C%.",
        "Uw 4:",
        ";O\\LF",
        "GYdBX",
        "_C;z h",
        "@Madexcept@InstallUnhandledExceptionFilter$qqrv",
        "wsock32.dll",
        "fdpDQ",
        "*pU'!*",
        "W.ml1",
        "@Madexcept@CMadExceptVersionString",
        "eJ^(O",
        "U1#Wfr",
        "dyjWb",
        "{Ng&=",
        "lfQVm",
        ">2B58u",
        "/r{aOm",
        "@Madexcept@PatchJmp$qqrpvt1",
        "madTraceProcess",
        "Q\"nE|",
        "%We5l",
        "@Madexcept@HandleScreenshotForm$qqr50System@%DelphiInterface$t22Madnvassistant@INVForm%24Madnvassistant@TNVAction50System@%DelphiInterface$t22Madnvassistant@INVItem%50System@%DelphiInterface$t22Madexcept@IMEException%",
        "Ai&'2keV",
        "@Madexcept@System_runErrMsg",
        "@Madexcept@DefaultBugReportHtml$qqr27System@%AnsiStringT$us$i0$%49System@%DelphiInterface$t21Madexcept@IMESettings%"
      ],
      "virustotal": {
        "names": [
          "madexcept_.bpl",
          "s06zu.exe",
          "eb90ab3c6321cbe8ec6763de4b880277b4120b739c8b88ebedea51cd0e097107.dll",
          "c226aa908267a64298beebc49f3ad03b18faf91b.dll.vir",
          "mmx9z.exe",
          "2udn4.exe",
          "9p5rj.exe",
          "bijzn.exe",
          "ia5nv1tk9.exe",
          "hjtzj0npk.exe",
          "u84e09mh.exe",
          "s56r6vh.exe",
          "eb90ab3c6321cbe8ec6763de4b880277b4120b739c8b88ebedea51cd0e097107-dropped.bin",
          "VirusShare_0cf6e4d3833971977e610b59cb402522",
          "madexcept_",
          "output.144576022.txt",
          "myfile.exe",
          "madexcept_ (2).bpl",
          "e80ceaf4d93052eff131af71bd04a147aeb4d350b4296dde26977bdf79e75c42"
        ],
        "scan_id": "eb90ab3c6321cbe8ec6763de4b880277b4120b739c8b88ebedea51cd0e097107",
        "md5": "0cf6e4d3833971977e610b59cb402522",
        "sha1": "c226aa908267a64298beebc49f3ad03b18faf91b",
        "sha256": "eb90ab3c6321cbe8ec6763de4b880277b4120b739c8b88ebedea51cd0e097107",
        "tlsh": "T10DF3F0BBFCCD50A7D1CDE17B2476A90285EE0A1005BFD1AED0E9851A7CDA4E4272C71B",
        "positives": 0,
        "total": 76,
        "permalink": "https://www.virustotal.com/api/v3/files/eb90ab3c6321cbe8ec6763de4b880277b4120b739c8b88ebedea51cd0e097107",
        "scans": {},
        "resource": "eb90ab3c6321cbe8ec6763de4b880277b4120b739c8b88ebedea51cd0e097107",
        "results": [
          {
            "vendor": "Bkav",
            "sig": null
          },
          {
            "vendor": "Lionic",
            "sig": null
          },
          {
            "vendor": "Elastic",
            "sig": null
          },
          {
            "vendor": "MicroWorld-eScan",
            "sig": null
          },
          {
            "vendor": "ClamAV",
            "sig": null
          },
          {
            "vendor": "CTX",
            "sig": null
          },
          {
            "vendor": "CAT-QuickHeal",
            "sig": null
          },
          {
            "vendor": "ALYac",
            "sig": null
          },
          {
            "vendor": "Cylance",
            "sig": null
          },
          {
            "vendor": "Zillya",
            "sig": null
          },
          {
            "vendor": "Sangfor",
            "sig": null
          },
          {
            "vendor": "K7AntiVirus",
            "sig": null
          },
          {
            "vendor": "Alibaba",
            "sig": null
          },
          {
            "vendor": "K7GW",
            "sig": null
          },
          {
            "vendor": "CrowdStrike",
            "sig": null
          },
          {
            "vendor": "Baidu",
            "sig": null
          },
          {
            "vendor": "VirIT",
            "sig": null
          },
          {
            "vendor": "Symantec",
            "sig": null
          },
          {
            "vendor": "tehtris",
            "sig": null
          },
          {
            "vendor": "ESET-NOD32",
            "sig": null
          },
          {
            "vendor": "Zoner",
            "sig": null
          },
          {
            "vendor": "APEX",
            "sig": null
          },
          {
            "vendor": "Paloalto",
            "sig": null
          },
          {
            "vendor": "Cynet",
            "sig": null
          },
          {
            "vendor": "Kaspersky",
            "sig": null
          },
          {
            "vendor": "BitDefender",
            "sig": null
          },
          {
            "vendor": "NANO-Antivirus",
            "sig": null
          },
          {
            "vendor": "SUPERAntiSpyware",
            "sig": null
          },
          {
            "vendor": "Tencent",
            "sig": null
          },
          {
            "vendor": "Sophos",
            "sig": null
          },
          {
            "vendor": "F-Secure",
            "sig": null
          },
          {
            "vendor": "DrWeb",
            "sig": null
          },
          {
            "vendor": "VIPRE",
            "sig": null
          },
          {
            "vendor": "TrendMicro",
            "sig": null
          },
          {
            "vendor": "McAfeeD",
            "sig": null
          },
          {
            "vendor": "Trapmine",
            "sig": null
          },
          {
            "vendor": "CMC",
            "sig": null
          },
          {
            "vendor": "Emsisoft",
            "sig": null
          },
          {
            "vendor": "SentinelOne",
            "sig": null
          },
          {
            "vendor": "Jiangmin",
            "sig": null
          },
          {
            "vendor": "Webroot",
            "sig": null
          },
          {
            "vendor": "Google",
            "sig": null
          },
          {
            "vendor": "Avira",
            "sig": null
          },
          {
            "vendor": "Antiy-AVL",
            "sig": null
          },
          {
            "vendor": "Kingsoft",
            "sig": null
          },
          {
            "vendor": "Microsoft",
            "sig": null
          },
          {
            "vendor": "Gridinsoft",
            "sig": null
          },
          {
            "vendor": "Xcitium",
            "sig": null
          },
          {
            "vendor": "Arcabit",
            "sig": null
          },
          {
            "vendor": "ViRobot",
            "sig": null
          },
          {
            "vendor": "ZoneAlarm",
            "sig": null
          },
          {
            "vendor": "GData",
            "sig": null
          },
          {
            "vendor": "Varist",
            "sig": null
          },
          {
            "vendor": "AhnLab-V3",
            "sig": null
          },
          {
            "vendor": "Acronis",
            "sig": null
          },
          {
            "vendor": "VBA32",
            "sig": null
          },
          {
            "vendor": "TACHYON",
            "sig": null
          },
          {
            "vendor": "DeepInstinct",
            "sig": null
          },
          {
            "vendor": "Malwarebytes",
            "sig": null
          },
          {
            "vendor": "Ikarus",
            "sig": null
          },
          {
            "vendor": "TrendMicro-HouseCall",
            "sig": null
          },
          {
            "vendor": "Rising",
            "sig": null
          },
          {
            "vendor": "Yandex",
            "sig": null
          },
          {
            "vendor": "TrellixENS",
            "sig": null
          },
          {
            "vendor": "huorong",
            "sig": null
          },
          {
            "vendor": "MaxSecure",
            "sig": null
          },
          {
            "vendor": "Fortinet",
            "sig": null
          },
          {
            "vendor": "Panda",
            "sig": null
          },
          {
            "vendor": "alibabacloud",
            "sig": null
          },
          {
            "vendor": "Skyhigh",
            "sig": null
          },
          {
            "vendor": "Avast",
            "sig": null
          },
          {
            "vendor": "AVG",
            "sig": null
          },
          {
            "vendor": "Trustlook",
            "sig": null
          },
          {
            "vendor": "SymantecMobileInsight",
            "sig": null
          },
          {
            "vendor": "BitDefenderFalx",
            "sig": null
          },
          {
            "vendor": "Avast-Mobile",
            "sig": null
          }
        ],
        "detection": ""
      },
      "executed_tools": [
        "overlay",
        "msi_extract",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 0,
      "cape_type": ""
    }
  },
  "CAPE": {
    "payloads": [],
    "configs": []
  },
  "info": {
    "version": "2.5",
    "started": "2026-03-05 00:18:19",
    "ended": "2026-03-05 00:22:45",
    "duration": 266,
    "id": 4,
    "category": "file",
    "custom": "",
    "machine": {
      "id": 8,
      "status": "stopping",
      "name": "win10x64",
      "label": "win10x64",
      "platform": "windows",
      "manager": "KVM",
      "started_on": "2026-03-05 00:18:19",
      "shutdown_on": "2026-03-05 00:22:45"
    },
    "package": "dll",
    "timeout": true,
    "tlp": null,
    "parent_sample": null,
    "options": {},
    "source_url": null,
    "route": "",
    "user_id": 0,
    "CAPE_current_commit": "a9a0887dab232f52c59e955b9984dd494c47ce6b"
  },
  "behavior": {
    "processes": [
      {
        "process_id": 352,
        "process_name": "rundll32.exe",
        "parent_id": 3404,
        "module_path": "C:\\Windows\\SysWOW64\\rundll32.exe",
        "first_seen": "2026-03-04 21:19:00,185",
        "calls": [
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "4516",
            "caller": "0x75c54faa",
            "parentcaller": "0x769a4cce",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769b5000"
              },
              {
                "name": "ModuleName",
                "value": "imagehlp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "4516",
            "caller": "0x75c496ea",
            "parentcaller": "0x769a4c2c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetThreadContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760a38d0"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "4516",
            "caller": "0x75c496ea",
            "parentcaller": "0x769a4c2c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetThreadTimes"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76091f70"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "4516",
            "caller": "0x75c496ea",
            "parentcaller": "0x769a4c2c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "IsProcessorFeaturePresent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76090b70"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "4516",
            "caller": "0x75c496ea",
            "parentcaller": "0x769a4c2c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "OpenThread"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7608f5b0"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "4516",
            "caller": "0x75c496ea",
            "parentcaller": "0x769a4c2c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "ProcessIdToSessionId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76090b90"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "4516",
            "caller": "0x75c496ea",
            "parentcaller": "0x769a4c2c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "SetProcessShutdownParameters"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76089540"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "4516",
            "caller": "0x75c496ea",
            "parentcaller": "0x769a4c2c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "SetThreadContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x760a4d20"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "4516",
            "caller": "0x75c496ea",
            "parentcaller": "0x769a4c2c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76070000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76090c20"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "4516",
            "caller": "0x75c54faa",
            "parentcaller": "0x769a4d2f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769b5000"
              },
              {
                "name": "ModuleName",
                "value": "imagehlp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "4516",
            "caller": "0x75c54faa",
            "parentcaller": "0x769a4cce",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769b5000"
              },
              {
                "name": "ModuleName",
                "value": "imagehlp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "4516",
            "caller": "0x75c54faa",
            "parentcaller": "0x769a4d2f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769b5000"
              },
              {
                "name": "ModuleName",
                "value": "imagehlp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "4516",
            "caller": "0x7796007d",
            "parentcaller": "0x75c4648d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "4516",
            "caller": "0x7796007d",
            "parentcaller": "0x75c4648d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\imagehlp"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x769a6560"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "4516",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "4516",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-03-04 21:19:01,326",
            "thread_id": "2784",
            "caller": "0x77981c0e",
            "parentcaller": "0x7797dbb1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000007c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 3,
            "id": 16
          },
          {
            "timestamp": "2026-03-04 21:19:01,342",
            "thread_id": "4516",
            "caller": "0x008e5f1a",
            "parentcaller": "0x008e5fdd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00863000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-03-04 21:19:01,342",
            "thread_id": "4516",
            "caller": "0x008e5f1a",
            "parentcaller": "0x008e5fdd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00864000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-03-04 21:19:01,342",
            "thread_id": "4516",
            "caller": "0x008e4168",
            "parentcaller": "0x008e6078",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "34",
                "pretty_value": "ProcessExecuteFlags"
              },
              {
                "name": "ProcessInformation",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-03-04 21:19:01,342",
            "thread_id": "4516",
            "caller": "0x008e40d8",
            "parentcaller": "0x008e41fe",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-03-04 21:19:01,342",
            "thread_id": "4516",
            "caller": "0x008e4290",
            "parentcaller": "0x008e6078",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-03-04 21:19:01,342",
            "thread_id": "4516",
            "caller": "0x008e59c5",
            "parentcaller": "0x008e42a3",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll.manifest"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-03-04 21:19:01,342",
            "thread_id": "4516",
            "caller": "0x008e5a1d",
            "parentcaller": "0x008e42a3",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-03-04 21:19:01,342",
            "thread_id": "4516",
            "caller": "0x008e5a1d",
            "parentcaller": "0x008e42a3",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004",
                "pretty_value": "SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-03-04 21:19:01,342",
            "thread_id": "4516",
            "caller": "0x008e5a1d",
            "parentcaller": "0x008e42a3",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05c90000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0005d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-03-04 21:19:01,342",
            "thread_id": "4516",
            "caller": "0x008e5a1d",
            "parentcaller": "0x008e42a3",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-03-04 21:19:01,342",
            "thread_id": "4516",
            "caller": "0x008e5a1d",
            "parentcaller": "0x008e42a3",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d0"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-03-04 21:19:01,357",
            "thread_id": "4516",
            "caller": "0x008e5a1d",
            "parentcaller": "0x008e42a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-03-04 21:19:01,560",
            "thread_id": "3804",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-03-04 21:19:01,560",
            "thread_id": "3804",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-03-04 21:19:01,560",
            "thread_id": "4516",
            "caller": "0x008e5a1d",
            "parentcaller": "0x008e42a3",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll.123.Manifest"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-03-04 21:19:01,576",
            "thread_id": "2784",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-03-04 21:19:01,576",
            "thread_id": "2784",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-03-04 21:19:01,576",
            "thread_id": "2172",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-03-04 21:19:01,576",
            "thread_id": "2172",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-03-04 21:19:01,576",
            "thread_id": "6416",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-03-04 21:19:01,576",
            "thread_id": "6416",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-03-04 21:19:01,607",
            "thread_id": "4516",
            "caller": "0x008e5a1d",
            "parentcaller": "0x008e42a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-03-04 21:19:01,607",
            "thread_id": "4516",
            "caller": "0x008e5a1d",
            "parentcaller": "0x008e42a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-03-04 21:19:01,607",
            "thread_id": "4516",
            "caller": "0x008e5a1d",
            "parentcaller": "0x008e42a3",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05c90000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005d000"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-03-04 21:19:01,607",
            "thread_id": "4516",
            "caller": "0x008e5a3e",
            "parentcaller": "0x008e42a3",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-03-04 21:19:01,607",
            "thread_id": "4516",
            "caller": "0x008e5a3e",
            "parentcaller": "0x008e42a3",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004",
                "pretty_value": "SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-03-04 21:19:01,607",
            "thread_id": "4516",
            "caller": "0x008e5a3e",
            "parentcaller": "0x008e42a3",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05c90000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0005d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-03-04 21:19:01,607",
            "thread_id": "4516",
            "caller": "0x008e5a3e",
            "parentcaller": "0x008e42a3",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-03-04 21:19:01,607",
            "thread_id": "4516",
            "caller": "0x008e5a3e",
            "parentcaller": "0x008e42a3",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-03-04 21:19:01,607",
            "thread_id": "4516",
            "caller": "0x008e5a3e",
            "parentcaller": "0x008e42a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5a3e",
            "parentcaller": "0x008e42a3",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll.124.Manifest"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5a3e",
            "parentcaller": "0x008e42a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5a3e",
            "parentcaller": "0x008e42a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5a3e",
            "parentcaller": "0x008e42a3",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05c90000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005d000"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5a5f",
            "parentcaller": "0x008e42a3",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5a5f",
            "parentcaller": "0x008e42a3",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004",
                "pretty_value": "SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5a5f",
            "parentcaller": "0x008e42a3",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05c90000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0005d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5a5f",
            "parentcaller": "0x008e42a3",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5a5f",
            "parentcaller": "0x008e42a3",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5a5f",
            "parentcaller": "0x008e42a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5a5f",
            "parentcaller": "0x008e42a3",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll.2.Manifest"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5a5f",
            "parentcaller": "0x008e42a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5a5f",
            "parentcaller": "0x008e42a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5a5f",
            "parentcaller": "0x008e42a3",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05c90000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005d000"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5abb",
            "parentcaller": "0x008e42a3",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5abb",
            "parentcaller": "0x008e42a3",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-03-04 21:19:01,623",
            "thread_id": "4516",
            "caller": "0x008e5abb",
            "parentcaller": "0x008e42a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-03-04 21:19:01,639",
            "thread_id": "4516",
            "caller": "0x008e5abb",
            "parentcaller": "0x008e42a3",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\rundll32.exe"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-03-04 21:19:01,639",
            "thread_id": "4516",
            "caller": "0x008e5abb",
            "parentcaller": "0x008e42a3",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "4516"
              },
              {
                "name": "Module",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "Return Address",
                "value": "0x760924ac"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-03-04 21:19:01,654",
            "thread_id": "4516",
            "caller": "0x008e5abb",
            "parentcaller": "0x008e42a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-03-04 21:19:01,654",
            "thread_id": "4516",
            "caller": "0x008e5d94",
            "parentcaller": "0x008e42ae",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-03-04 21:19:01,654",
            "thread_id": "4516",
            "caller": "0x008e5d1d",
            "parentcaller": "0x008e5db9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-03-04 21:19:01,654",
            "thread_id": "4516",
            "caller": "0x008e5d42",
            "parentcaller": "0x008e5db9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-03-04 21:19:01,654",
            "thread_id": "4516",
            "caller": "0x008e5dc4",
            "parentcaller": "0x008e42ae",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3c8d",
            "parentcaller": "0x008e3e97",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3cf8",
            "parentcaller": "0x008e3e97",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3cf8",
            "parentcaller": "0x008e3e97",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3cf8",
            "parentcaller": "0x008e3e97",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3cf8",
            "parentcaller": "0x008e3e97",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\KERNELBASE.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3cf8",
            "parentcaller": "0x008e3e97",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002d8"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\KernelBase.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3cf8",
            "parentcaller": "0x008e3e97",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06ac0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ae618"
              },
              {
                "name": "ViewSize",
                "value": "0x0014f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3cf8",
            "parentcaller": "0x008e3e97",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3cf8",
            "parentcaller": "0x008e3e97",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06ac0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0014f000"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3cf8",
            "parentcaller": "0x008e3e97",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3cf8",
            "parentcaller": "0x008e3e97",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\KERNELBASE.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3cf8",
            "parentcaller": "0x008e3e97",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\ru-RU\\KERNELBASE.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3cf8",
            "parentcaller": "0x008e3e97",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002d8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\ru-RU\\KernelBase.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3cf8",
            "parentcaller": "0x008e3e97",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06ac0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ae618"
              },
              {
                "name": "ViewSize",
                "value": "0x0014c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3cf8",
            "parentcaller": "0x008e3e97",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3924",
            "parentcaller": "0x008e3d10",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00850000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3924",
            "parentcaller": "0x008e3d10",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f4"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-03-04 21:19:01,670",
            "thread_id": "4516",
            "caller": "0x008e3924",
            "parentcaller": "0x008e3d10",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-03-04 21:19:01,685",
            "thread_id": "4516",
            "caller": "0x008e3924",
            "parentcaller": "0x008e3d10",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f4"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-03-04 21:19:01,685",
            "thread_id": "4516",
            "caller": "0x008e3924",
            "parentcaller": "0x008e3d10",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f4"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-03-04 21:19:01,685",
            "thread_id": "4516",
            "caller": "0x008e3924",
            "parentcaller": "0x008e3d10",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000000f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\rundll32.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-03-04 21:19:01,685",
            "thread_id": "4516",
            "caller": "0x008e3924",
            "parentcaller": "0x008e3d10",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000000f4"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\rundll32.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-03-04 21:19:01,685",
            "thread_id": "4516",
            "caller": "0x008e3924",
            "parentcaller": "0x008e3d10",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00850000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ae0f8"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-03-04 21:19:01,685",
            "thread_id": "4516",
            "caller": "0x008e3924",
            "parentcaller": "0x008e3d10",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-03-04 21:19:01,685",
            "thread_id": "4516",
            "caller": "0x008e5e77",
            "parentcaller": "0x008e69af",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x008eb000"
              },
              {
                "name": "ModuleName",
                "value": "rundll32.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-03-04 21:19:01,685",
            "thread_id": "4516",
            "caller": "0x008e5e77",
            "parentcaller": "0x008e69af",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x008eb000"
              },
              {
                "name": "ModuleName",
                "value": "rundll32.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-03-04 21:19:01,842",
            "thread_id": "4516",
            "caller": "0x008e3a40",
            "parentcaller": "0x008e3d10",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "4516"
              },
              {
                "name": "Module",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "Return Address",
                "value": "0x75c633ec"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-03-04 21:19:02,623",
            "thread_id": "4516",
            "caller": "0x008e3a40",
            "parentcaller": "0x008e3d10",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\TextShaping"
              },
              {
                "name": "DllBase",
                "value": "0x73610000"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-03-04 21:19:04,123",
            "thread_id": "4516",
            "caller": "0x008e3a40",
            "parentcaller": "0x008e3d10",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x740c0000"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-03-04 21:19:04,123",
            "thread_id": "4516",
            "caller": "0x008e3a40",
            "parentcaller": "0x008e3d10",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x740c0000"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-03-04 21:19:04,342",
            "thread_id": "4516",
            "caller": "0x008e3a40",
            "parentcaller": "0x008e3d10",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\MSCTF"
              },
              {
                "name": "DllBase",
                "value": "0x75d50000"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-03-04 21:19:04,623",
            "thread_id": "4516",
            "caller": "0x008e3a40",
            "parentcaller": "0x008e3d10",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x74d40000"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-03-04 21:19:04,654",
            "thread_id": "4516",
            "caller": "0x008e3a40",
            "parentcaller": "0x008e3d10",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x76c00000"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-03-04 21:19:04,701",
            "thread_id": "4516",
            "caller": "0x008e3a40",
            "parentcaller": "0x008e3d10",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ntmarta"
              },
              {
                "name": "DllBase",
                "value": "0x73200000"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-03-04 21:19:04,732",
            "thread_id": "4516",
            "caller": "0x008e3a40",
            "parentcaller": "0x008e3d10",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CoreMessaging"
              },
              {
                "name": "DllBase",
                "value": "0x73230000"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-03-04 21:19:04,748",
            "thread_id": "4516",
            "caller": "0x008e3a40",
            "parentcaller": "0x008e3d10",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\wintypes"
              },
              {
                "name": "DllBase",
                "value": "0x73120000"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-03-04 21:19:04,764",
            "thread_id": "4516",
            "caller": "0x008e3a40",
            "parentcaller": "0x008e3d10",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CoreUIComponents"
              },
              {
                "name": "DllBase",
                "value": "0x732d0000"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-03-04 21:19:04,779",
            "thread_id": "4516",
            "caller": "0x008e3a40",
            "parentcaller": "0x008e3d10",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\textinputframework"
              },
              {
                "name": "DllBase",
                "value": "0x73550000"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-03-04 21:19:05,185",
            "thread_id": "4516",
            "caller": "0x008e3a40",
            "parentcaller": "0x008e3d10",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76070000"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-03-04 21:19:34,670",
            "thread_id": "6008",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-03-04 21:19:34,670",
            "thread_id": "6008",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-03-04 21:19:34,670",
            "thread_id": "6008",
            "caller": "0x75c51454",
            "parentcaller": "0x7691b5fa",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000354"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-03-04 21:19:34,670",
            "thread_id": "6008",
            "caller": "0x76918f18",
            "parentcaller": "0x76918dcd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-03-04 21:19:34,670",
            "thread_id": "5632",
            "caller": "0x779964d6",
            "parentcaller": "0x779963e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-03-04 21:19:34,670",
            "thread_id": "5632",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-03-04 21:19:59,967",
            "thread_id": "836",
            "caller": "0x7799b5a6",
            "parentcaller": "0x779660fc",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "836"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-03-04 21:19:59,967",
            "thread_id": "4680",
            "caller": "0x7799b5a6",
            "parentcaller": "0x779660fc",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4680"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-03-04 21:19:59,967",
            "thread_id": "836",
            "caller": "0x7799b5c9",
            "parentcaller": "0x779660fc",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-03-04 21:21:13,420",
            "thread_id": "5632",
            "caller": "0x7799b5a6",
            "parentcaller": "0x779660fc",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5632"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-03-04 21:21:13,420",
            "thread_id": "6008",
            "caller": "0x7799b5a6",
            "parentcaller": "0x779660fc",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6008"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-03-04 21:21:13,420",
            "thread_id": "6008",
            "caller": "0x77981c0e",
            "parentcaller": "0x7797f79e",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000007c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 121
          },
          {
            "timestamp": "2026-03-04 21:21:13,420",
            "thread_id": "5632",
            "caller": "0x7799b5c9",
            "parentcaller": "0x779660fc",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-03-04 21:21:13,420",
            "thread_id": "6008",
            "caller": "0x75c4269a",
            "parentcaller": "0x7691c192",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-03-04 21:21:13,420",
            "thread_id": "6008",
            "caller": "0x75c4269a",
            "parentcaller": "0x7691c214",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-03-04 21:21:13,420",
            "thread_id": "6008",
            "caller": "0x7799b5c9",
            "parentcaller": "0x779660fc",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 125
          }
        ],
        "threads": [
          "4516",
          "2784",
          "3804",
          "2172",
          "6416",
          "6008",
          "5632",
          "836",
          "4680"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Windows\\System32\\rundll32.exe\" \"C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll\",#1",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x008e0000",
          "MainExeSize": "0x00014000",
          "Bitness": "32-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      }
    ],
    "anomaly": [],
    "processtree": [
      {
        "name": "rundll32.exe",
        "pid": 352,
        "parent_id": 3404,
        "module_path": "C:\\Windows\\SysWOW64\\rundll32.exe",
        "children": [],
        "threads": [
          "4516",
          "2784",
          "3804",
          "2172",
          "6416",
          "6008",
          "5632",
          "836",
          "4680"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Windows\\System32\\rundll32.exe\" \"C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll\",#1",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x008e0000",
          "MainExeSize": "0x00014000",
          "Bitness": "32-bit"
        }
      }
    ],
    "summary": {
      "files": [
        "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll.manifest",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll.123.Manifest",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll.124.Manifest",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll.2.Manifest",
        "C:\\Windows\\SysWOW64\\rundll32.exe",
        "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\KERNELBASE.dll.mui",
        "C:\\Windows\\System32\\ru-RU\\KERNELBASE.dll.mui",
        "C:\\Windows\\sysnative\\ru-RU\\KERNELBASE.dll.mui",
        "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\rundll32.exe.mui"
      ],
      "read_files": [],
      "write_files": [],
      "delete_files": [],
      "keys": [
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
      ],
      "read_keys": [
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
      ],
      "write_keys": [],
      "delete_keys": [],
      "executed_commands": [],
      "resolved_apis": [],
      "mutexes": [],
      "created_services": [],
      "started_services": []
    },
    "enhanced": [
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-04 21:19:01,342",
        "eid": 1,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-04 21:19:01,607",
        "eid": 2,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-04 21:19:01,623",
        "eid": 3,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-04 21:19:01,623",
        "eid": 4,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-04 21:19:01,670",
        "eid": 5,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-04 21:19:01,670",
        "eid": 6,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-03-04 21:19:01,685",
        "eid": 7,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-04 21:19:04,123",
        "eid": 8,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x740c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-03-04 21:19:05,185",
        "eid": 9,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76070000"
        }
      }
    ],
    "encryptedbuffers": [],
    "network_map": {
      "endpoint_map": {},
      "http_host_map": {},
      "dns_intents": {},
      "http_requests": [],
      "winhttp_sessions": []
    }
  },
  "debug": {
    "log": "2026-03-05 02:28:18,340 [root] INFO: Date set to: 20260305T00:18:34, timeout set to: 200\n2026-03-05 00:18:34,138 [root] DEBUG: Starting analyzer from: C:\\vrp2u9om\n2026-03-05 00:18:34,138 [root] DEBUG: Storing results at: C:\\UfnHHQPorU\n2026-03-05 00:18:34,138 [root] DEBUG: Pipe server name: \\\\.\\PIPE\\kLbvnJYYvB\n2026-03-05 00:18:34,138 [root] DEBUG: Python path: C:\\Python310\n2026-03-05 00:18:34,154 [root] INFO: analysis running as an admin\n2026-03-05 00:18:34,154 [root] INFO: analysis package specified: \"dll\"\n2026-03-05 00:18:34,154 [root] DEBUG: importing analysis package module: \"modules.packages.dll\"...\n2026-03-05 00:18:34,154 [root] DEBUG: imported analysis package \"dll\"\n2026-03-05 00:18:34,154 [root] DEBUG: initializing analysis package \"dll\"...\n2026-03-05 00:18:34,154 [lib.common.common] INFO: wrapping\n2026-03-05 00:18:34,154 [lib.core.compound] INFO: C:\\Users\\cape\\AppData\\Local\\Temp already exists, skipping creation\n2026-03-05 00:18:34,154 [root] DEBUG: New location of moved file: C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll\n2026-03-05 00:18:34,154 [root] INFO: Analyzer: Package modules.packages.dll does not specify a DLL option\n2026-03-05 00:18:34,154 [root] INFO: Analyzer: Package modules.packages.dll does not specify a DLL_64 option\n2026-03-05 00:18:34,154 [root] INFO: Analyzer: Package modules.packages.dll does not specify a loader option\n2026-03-05 00:18:34,154 [root] INFO: Analyzer: Package modules.packages.dll does not specify a loader_64 option\n2026-03-05 00:18:34,326 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.browser\"\n2026-03-05 00:18:34,576 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.digisig\"\n2026-03-05 00:18:34,670 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.disguise\"\n2026-03-05 00:18:34,748 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.human\"\n2026-03-05 00:18:35,216 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'\n2026-03-05 00:18:35,232 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'\n2026-03-05 00:18:35,263 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'\n2026-03-05 00:18:35,529 [lib.api.screenshot] INFO: Please upgrade Pillow to >= 5.4.1 for best performance\n2026-03-05 00:18:35,529 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.screenshots\"\n2026-03-05 00:18:35,560 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.tlsdump\"\n2026-03-05 00:18:35,560 [root] DEBUG: Initialized auxiliary module \"Browser\"\n2026-03-05 00:18:35,560 [root] DEBUG: attempting to configure 'Browser' from data\n2026-03-05 00:18:35,592 [root] DEBUG: module Browser does not support data configuration, ignoring\n2026-03-05 00:18:35,592 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.browser\"...\n2026-03-05 00:18:35,607 [root] DEBUG: Started auxiliary module modules.auxiliary.browser\n2026-03-05 00:18:35,607 [root] DEBUG: Initialized auxiliary module \"DigiSig\"\n2026-03-05 00:18:35,607 [root] DEBUG: attempting to configure 'DigiSig' from data\n2026-03-05 00:18:35,607 [root] DEBUG: module DigiSig does not support data configuration, ignoring\n2026-03-05 00:18:35,623 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.digisig\"...\n2026-03-05 00:18:35,623 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature\n2026-03-05 00:18:36,169 [modules.auxiliary.digisig] DEBUG: File is not signed\n2026-03-05 00:18:36,169 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json\n2026-03-05 00:18:36,169 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig\n2026-03-05 00:18:36,185 [root] DEBUG: Initialized auxiliary module \"Disguise\"\n2026-03-05 00:18:36,185 [root] DEBUG: attempting to configure 'Disguise' from data\n2026-03-05 00:18:36,185 [root] DEBUG: module Disguise does not support data configuration, ignoring\n2026-03-05 00:18:36,185 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.disguise\"...\n2026-03-05 00:18:36,185 [modules.auxiliary.disguise] INFO: Disguising GUID to fd7fc618-18f9-47ce-a04f-1a623f9008af\n2026-03-05 00:18:36,185 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise\n2026-03-05 00:18:36,185 [root] DEBUG: Initialized auxiliary module \"Human\"\n2026-03-05 00:18:36,201 [root] DEBUG: attempting to configure 'Human' from data\n2026-03-05 00:18:36,201 [root] DEBUG: module Human does not support data configuration, ignoring\n2026-03-05 00:18:36,201 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.human\"...\n2026-03-05 00:18:36,201 [root] DEBUG: Started auxiliary module modules.auxiliary.human\n2026-03-05 00:18:36,216 [root] DEBUG: Initialized auxiliary module \"Screenshots\"\n2026-03-05 00:18:36,216 [root] DEBUG: attempting to configure 'Screenshots' from data\n2026-03-05 00:18:36,216 [root] DEBUG: module Screenshots does not support data configuration, ignoring\n2026-03-05 00:18:36,216 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.screenshots\"...\n2026-03-05 00:18:36,216 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots\n2026-03-05 00:18:36,216 [root] DEBUG: Initialized auxiliary module \"TLSDumpMasterSecrets\"\n2026-03-05 00:18:36,216 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data\n2026-03-05 00:18:36,232 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring\n2026-03-05 00:18:36,232 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.tlsdump\"...\n2026-03-05 00:18:36,232 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 656\n2026-03-05 00:18:36,279 [lib.api.process] INFO: Monitor config for <Process 656 lsass.exe>: C:\\vrp2u9om\\dll\\656.ini\n2026-03-05 00:18:36,279 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor\n2026-03-05 00:18:36,388 [lib.api.process] INFO: 64-bit DLL to inject is C:\\vrp2u9om\\dll\\hszJQNBp.dll, loader C:\\vrp2u9om\\bin\\xpQbvRlb.exe\n2026-03-05 00:18:38,607 [root] DEBUG: Loader: Injecting process 656 with C:\\vrp2u9om\\dll\\hszJQNBp.dll.\n2026-03-05 00:18:42,873 [root] DEBUG: 656: Python path set to 'C:\\Python310'.\n2026-03-05 00:18:42,873 [root] DEBUG: 656: Disabling sleep skipping.\n2026-03-05 00:18:42,888 [root] DEBUG: 656: TLS secret dump mode enabled.\n2026-03-05 00:18:43,201 [root] DEBUG: 656: RtlInsertInvertedFunctionTable 0x00007FF97FCC090E, LdrpInvertedFunctionTableSRWLock 0x00007FF97FE1D500\n2026-03-05 00:18:43,216 [root] DEBUG: 656: Monitor initialised: 64-bit capemon loaded in process 656 at 0x00007FF95DDB0000, thread 3876, image base 0x00007FF794EB0000, stack from 0x000000A2778F1000-0x000000A277900000\n2026-03-05 00:18:43,216 [root] DEBUG: 656: Commandline: C:\\Windows\\system32\\lsass.exe\n2026-03-05 00:18:43,498 [root] DEBUG: 656: Hooked 5 out of 5 functions\n2026-03-05 00:18:43,498 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-03-05 00:18:43,498 [root] DEBUG: Successfully injected DLL C:\\vrp2u9om\\dll\\hszJQNBp.dll.\n2026-03-05 00:18:43,607 [lib.api.process] INFO: Injected into 64-bit <Process 656 lsass.exe>\n2026-03-05 00:18:43,607 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump\n2026-03-05 00:18:49,529 [root] DEBUG: 656: TLS 1.2 secrets logged to: C:\\UfnHHQPorU\\tlsdump\\tlsdump.log\n2026-03-05 00:18:54,185 [root] INFO: Restarting WMI Service\n2026-03-05 00:18:56,607 [root] DEBUG: package modules.packages.dll does not support configure, ignoring\n2026-03-05 00:18:56,607 [root] WARNING: configuration error for package modules.packages.dll: error importing data.packages.dll: No module named 'data.packages'\n2026-03-05 00:18:56,607 [lib.core.compound] INFO: C:\\Users\\cape\\AppData\\Local\\Temp already exists, skipping creation\n2026-03-05 00:18:56,873 [lib.api.process] INFO: Successfully executed process from path \"C:\\Windows\\System32\\rundll32.exe\" with arguments \"\"C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll\",#1\" with pid 352\n2026-03-05 00:18:56,888 [lib.api.process] INFO: Monitor config for <Process 352 rundll32.exe>: C:\\vrp2u9om\\dll\\352.ini\n2026-03-05 00:18:56,904 [lib.api.process] INFO: 32-bit DLL to inject is C:\\vrp2u9om\\dll\\JcyqnZrz.dll, loader C:\\vrp2u9om\\bin\\SlwveoB.exe\n2026-03-05 00:18:57,076 [root] DEBUG: Loader: Injecting process 352 (thread 4516) with C:\\vrp2u9om\\dll\\JcyqnZrz.dll.\n2026-03-05 00:18:57,357 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-03-05 00:18:57,357 [root] DEBUG: Successfully injected DLL C:\\vrp2u9om\\dll\\JcyqnZrz.dll.\n2026-03-05 00:18:57,372 [lib.api.process] INFO: Injected into 32-bit <Process 352 rundll32.exe>\n2026-03-05 00:18:59,388 [lib.api.process] INFO: Successfully resumed <Process 352 rundll32.exe>\n2026-03-05 00:19:00,091 [root] DEBUG: 352: Python path set to 'C:\\Python310'.\n2026-03-05 00:19:00,169 [root] DEBUG: 352: Disabling sleep skipping.\n2026-03-05 00:19:00,169 [root] DEBUG: 352: Dropped file limit defaulting to 100.\n2026-03-05 00:19:00,357 [root] DEBUG: 352: YaraInit: Compiled 44 rule files\n2026-03-05 00:19:00,357 [root] DEBUG: 352: YaraInit: Compiled rules saved to file C:\\vrp2u9om\\data\\yara\\capemon.yac\n2026-03-05 00:19:00,373 [root] DEBUG: 352: YaraScan: Scanning 0x008E0000, size 0x136e8\n2026-03-05 00:19:00,373 [root] DEBUG: 352: Monitor initialised: 32-bit capemon loaded in process 352 at 0x736b0000, thread 4516, image base 0x8e0000, stack from 0x7a2000-0x7b0000\n2026-03-05 00:19:00,373 [root] DEBUG: 352: Commandline: \"C:\\Windows\\System32\\rundll32.exe\" \"C:\\Users\\cape\\AppData\\Local\\Temp\\sample.dll\",#1\n2026-03-05 00:19:00,654 [root] DEBUG: 352: hook_api: LdrpCallInitRoutine export address 0x779A2A40 obtained via GetFunctionAddress\n2026-03-05 00:19:00,795 [root] DEBUG: 352: hook_api: Warning - CreateProcessA export address 0x760A2D90 differs from GetProcAddress -> 0x73A422A0 (AcLayers.DLL::0xfd9d22a0)\n2026-03-05 00:19:00,810 [root] DEBUG: 352: hook_api: Warning - CreateProcessW export address 0x760888E0 differs from GetProcAddress -> 0x73A424E0 (AcLayers.DLL::0xfd9d24e0)\n2026-03-05 00:19:00,810 [root] DEBUG: 352: hook_api: Warning - WinExec export address 0x760CCF20 differs from GetProcAddress -> 0x73A427A0 (AcLayers.DLL::0xfd9d27a0)\n2026-03-05 00:19:01,014 [root] WARNING: b'Unable to place hook on GetCommandLineA'\n2026-03-05 00:19:01,029 [root] DEBUG: 352: set_hooks: Unable to hook GetCommandLineA\n2026-03-05 00:19:01,045 [root] WARNING: b'Unable to place hook on GetCommandLineW'\n2026-03-05 00:19:01,045 [root] DEBUG: 352: set_hooks: Unable to hook GetCommandLineW\n2026-03-05 00:19:01,263 [root] DEBUG: 352: Hooked 630 out of 632 functions\n2026-03-05 00:19:01,310 [root] DEBUG: 352: Syscall hook installed, syscall logging level 1\n2026-03-05 00:19:01,326 [root] DEBUG: 352: RestoreHeaders: Restored original import table.\n2026-03-05 00:19:01,326 [root] INFO: Loaded monitor into process with pid 352\n2026-03-05 00:19:01,326 [root] DEBUG: 352: caller_dispatch: Added region at 0x008E0000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x008E5F1A, thread 4516).\n2026-03-05 00:19:01,341 [root] DEBUG: 352: YaraScan: Scanning 0x008E0000, size 0x136e8\n2026-03-05 00:19:01,341 [root] DEBUG: 352: ProcessImageBase: Main module image at 0x008E0000 unmodified (entropy change 0.000000e+00)\n2026-03-05 00:19:01,638 [root] DEBUG: 352: InstrumentationCallback: Added region at 0x760924AC (base 0x76070000) to tracked regions list (thread 4516).\n2026-03-05 00:19:01,654 [root] DEBUG: 352: ProcessTrackedRegion: Region at 0x76070000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\kernel32.dll is in known range, skipping\n2026-03-05 00:19:02,451 [root] DEBUG: 352: InstrumentationCallback: Added region at 0x75C633EC (base 0x75B30000) to tracked regions list (thread 4516).\n2026-03-05 00:19:02,451 [root] DEBUG: 352: ProcessTrackedRegion: Region at 0x75B30000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\KernelBase.dll is in known range, skipping\n2026-03-05 00:19:02,763 [root] DEBUG: 352: DLL loaded at 0x73610000: C:\\Windows\\SYSTEM32\\TextShaping (0x94000 bytes).\n2026-03-05 00:19:04,123 [root] DEBUG: 352: DLL loaded at 0x740C0000: C:\\Windows\\system32\\uxtheme (0x74000 bytes).\n2026-03-05 00:19:04,357 [root] DEBUG: 352: DLL loaded at 0x75D50000: C:\\Windows\\System32\\MSCTF (0xd4000 bytes).\n2026-03-05 00:19:04,623 [root] DEBUG: 352: set_hooks_by_export_directory: Hooked 0 out of 632 functions\n2026-03-05 00:19:04,638 [root] DEBUG: 352: DLL loaded at 0x74D40000: C:\\Windows\\SYSTEM32\\kernel.appcore (0xf000 bytes).\n2026-03-05 00:19:04,654 [root] DEBUG: 352: DLL loaded at 0x76C00000: C:\\Windows\\System32\\bcryptPrimitives (0x5f000 bytes).\n2026-03-05 00:19:04,716 [root] DEBUG: 352: DLL loaded at 0x73200000: C:\\Windows\\SYSTEM32\\ntmarta (0x29000 bytes).\n2026-03-05 00:19:04,732 [root] DEBUG: 352: DLL loaded at 0x73230000: C:\\Windows\\System32\\CoreMessaging (0x9b000 bytes).\n2026-03-05 00:19:04,763 [root] DEBUG: 352: DLL loaded at 0x73120000: C:\\Windows\\SYSTEM32\\wintypes (0xdb000 bytes).\n2026-03-05 00:19:04,779 [root] DEBUG: 352: DLL loaded at 0x732D0000: C:\\Windows\\System32\\CoreUIComponents (0x27e000 bytes).\n2026-03-05 00:19:04,779 [root] DEBUG: 352: DLL loaded at 0x73550000: C:\\Windows\\SYSTEM32\\textinputframework (0xb9000 bytes).\n2026-03-05 00:22:19,826 [root] INFO: Analysis timeout hit, terminating analysis\n2026-03-05 00:22:19,826 [lib.api.process] INFO: Terminate event set for <Process 352 rundll32.exe>\n2026-03-05 00:22:19,826 [root] DEBUG: 352: Terminate Event: Attempting to dump process 352\n2026-03-05 00:22:19,826 [root] DEBUG: 352: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-03-05 00:22:19,842 [lib.api.process] INFO: Termination confirmed for <Process 352 rundll32.exe>\n2026-03-05 00:22:19,842 [root] INFO: Terminate event set for process 352\n2026-03-05 00:22:19,857 [root] INFO: Created shutdown mutex\n2026-03-05 00:22:19,857 [root] DEBUG: 352: Terminate Event: monitor shutdown complete for process 352\n2026-03-05 00:22:20,873 [root] INFO: Shutting down package\n2026-03-05 00:22:20,873 [root] INFO: Stopping auxiliary modules\n2026-03-05 00:22:20,873 [root] INFO: Stopping auxiliary module: Browser\n2026-03-05 00:22:20,873 [root] INFO: Stopping auxiliary module: Human\n2026-03-05 00:22:22,888 [root] INFO: Stopping auxiliary module: Screenshots\n2026-03-05 00:22:23,435 [root] INFO: Finishing auxiliary modules\n2026-03-05 00:22:23,435 [root] INFO: Shutting down pipe server and dumping dropped files\n2026-03-05 00:22:23,451 [root] WARNING: Folder at path \"C:\\UfnHHQPorU\\debugger\" does not exist, skipping\n2026-03-05 00:22:23,451 [root] INFO: Uploading files at path \"C:\\UfnHHQPorU\\tlsdump\"\n2026-03-05 00:22:23,451 [lib.common.results] INFO: Uploading file C:\\UfnHHQPorU\\tlsdump\\tlsdump.log to tlsdump\\tlsdump.log; Size is 6576; Max size: 100000000\n2026-03-05 00:22:23,467 [root] INFO: Analysis completed\n",
    "errors": []
  },
  "network": {
    "pcap_sha256": "d19b52fa08e07da57694c0707d154baa3d69ab20fbf717d29769119da0bd0489",
    "hosts": [
      {
        "ip": "72.154.7.102",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.97",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.109",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.16",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "135.232.92.97",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "176.99.136.153",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          80
        ]
      }
    ],
    "domains": [],
    "tcp": [
      {
        "src": "192.168.1.100",
        "sport": 50625,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 13182,
        "time": 3.9506068229675293
      },
      {
        "src": "192.168.1.100",
        "sport": 50615,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 14948,
        "time": 4.049270868301392
      },
      {
        "src": "192.168.1.100",
        "sport": 50629,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 16077,
        "time": 4.082767963409424
      },
      {
        "src": "192.168.1.100",
        "sport": 50631,
        "dst": "109.61.38.38",
        "dport": 80,
        "offset": 34202,
        "time": 15.133829832077026
      },
      {
        "src": "192.168.1.100",
        "sport": 50633,
        "dst": "109.61.38.38",
        "dport": 80,
        "offset": 107375,
        "time": 15.247830867767334
      },
      {
        "src": "192.168.1.100",
        "sport": 50634,
        "dst": "135.232.92.97",
        "dport": 443,
        "offset": 3451421,
        "time": 16.090214014053345
      },
      {
        "src": "192.168.1.100",
        "sport": 50635,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 5684198,
        "time": 17.17654800415039
      },
      {
        "src": "192.168.1.100",
        "sport": 50640,
        "dst": "72.154.7.16",
        "dport": 443,
        "offset": 16581996,
        "time": 24.76004385948181
      },
      {
        "src": "192.168.1.100",
        "sport": 50642,
        "dst": "72.154.7.109",
        "dport": 443,
        "offset": 16954506,
        "time": 24.80352783203125
      },
      {
        "src": "192.168.1.100",
        "sport": 50646,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 27135102,
        "time": 34.93085980415344
      },
      {
        "src": "192.168.1.100",
        "sport": 50655,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 28285337,
        "time": 44.85090494155884
      },
      {
        "src": "192.168.1.100",
        "sport": 50663,
        "dst": "20.190.181.2",
        "dport": 443,
        "offset": 37323349,
        "time": 67.22748494148254
      },
      {
        "src": "192.168.1.100",
        "sport": 50665,
        "dst": "104.208.16.89",
        "dport": 443,
        "offset": 37359980,
        "time": 68.5505199432373
      },
      {
        "src": "192.168.1.100",
        "sport": 50667,
        "dst": "72.154.7.107",
        "dport": 443,
        "offset": 37379265,
        "time": 74.8863890171051
      },
      {
        "src": "192.168.1.100",
        "sport": 50669,
        "dst": "2.23.89.205",
        "dport": 443,
        "offset": 37396316,
        "time": 82.91944599151611
      },
      {
        "src": "192.168.1.100",
        "sport": 50670,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 37407207,
        "time": 83.17701196670532
      },
      {
        "src": "192.168.1.100",
        "sport": 50672,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 37422207,
        "time": 91.11759400367737
      },
      {
        "src": "192.168.1.100",
        "sport": 50674,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 37425185,
        "time": 91.28300380706787
      },
      {
        "src": "192.168.1.100",
        "sport": 50676,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 37948898,
        "time": 91.67519903182983
      },
      {
        "src": "192.168.1.100",
        "sport": 50677,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 37951349,
        "time": 91.79347681999207
      },
      {
        "src": "192.168.1.100",
        "sport": 50679,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 38831179,
        "time": 94.53625988960266
      },
      {
        "src": "192.168.1.100",
        "sport": 50680,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 38833814,
        "time": 94.77529096603394
      },
      {
        "src": "192.168.1.100",
        "sport": 50682,
        "dst": "72.154.7.97",
        "dport": 443,
        "offset": 38845305,
        "time": 97.21804881095886
      },
      {
        "src": "192.168.1.100",
        "sport": 50683,
        "dst": "176.99.136.153",
        "dport": 80,
        "offset": 38851492,
        "time": 97.62250900268555
      },
      {
        "src": "192.168.1.100",
        "sport": 50685,
        "dst": "52.182.143.213",
        "dport": 443,
        "offset": 38866509,
        "time": 112.22950792312622
      },
      {
        "src": "192.168.1.100",
        "sport": 50687,
        "dst": "13.78.111.199",
        "dport": 443,
        "offset": 38885920,
        "time": 121.1811249256134
      },
      {
        "src": "192.168.1.100",
        "sport": 50689,
        "dst": "199.232.214.172",
        "dport": 80,
        "offset": 38897934,
        "time": 129.10011887550354
      },
      {
        "src": "192.168.1.100",
        "sport": 50690,
        "dst": "72.154.7.102",
        "dport": 443,
        "offset": 38899633,
        "time": 174.48373103141785
      }
    ],
    "udp": [
      {
        "src": "192.168.1.100",
        "sport": 63078,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 134,
        "time": 0.018657922744750977
      },
      {
        "src": "192.168.1.100",
        "sport": 60642,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 13793,
        "time": 3.9968600273132324
      },
      {
        "src": "192.168.1.100",
        "sport": 50230,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 27523,
        "time": 14.09021782875061
      },
      {
        "src": "192.168.1.100",
        "sport": 55048,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 5674785,
        "time": 17.112425804138184
      },
      {
        "src": "192.168.1.100",
        "sport": 55523,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 11309034,
        "time": 19.079749822616577
      },
      {
        "src": "192.168.1.100",
        "sport": 49815,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 16389033,
        "time": 24.594851970672607
      },
      {
        "src": "192.168.1.100",
        "sport": 52764,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 37321796,
        "time": 67.10861086845398
      },
      {
        "src": "192.168.1.100",
        "sport": 60417,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 37327852,
        "time": 67.27649092674255
      },
      {
        "src": "192.168.1.100",
        "sport": 54100,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 37378390,
        "time": 74.68311786651611
      },
      {
        "src": "192.168.1.100",
        "sport": 58814,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 37384898,
        "time": 79.97834086418152
      },
      {
        "src": "192.168.1.100",
        "sport": 51473,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 37409495,
        "time": 90.74479579925537
      },
      {
        "src": "192.168.1.100",
        "sport": 55046,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 37422620,
        "time": 91.13135695457458
      },
      {
        "src": "192.168.1.100",
        "sport": 60820,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 38829801,
        "time": 94.46556687355042
      },
      {
        "src": "192.168.1.100",
        "sport": 56012,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 38832910,
        "time": 94.71480703353882
      },
      {
        "src": "192.168.1.100",
        "sport": 53620,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 38848575,
        "time": 97.558758020401
      },
      {
        "src": "192.168.1.100",
        "sport": 138,
        "dst": "192.168.1.255",
        "dport": 138,
        "offset": 38865386,
        "time": 107.50781583786011
      },
      {
        "src": "192.168.1.100",
        "sport": 60803,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 38884719,
        "time": 120.89773297309875
      },
      {
        "src": "192.168.1.100",
        "sport": 57072,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 38895319,
        "time": 127.90965700149536
      },
      {
        "src": "192.168.1.100",
        "sport": 65506,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 38905892,
        "time": 186.5101239681244
      }
    ],
    "icmp": [
      {
        "src": "192.168.1.100",
        "dst": "8.8.4.4",
        "type": 3,
        "data": ""
      },
      {
        "src": "192.168.1.100",
        "dst": "8.8.4.4",
        "type": 3,
        "data": ""
      },
      {
        "src": "192.168.1.100",
        "dst": "8.8.4.4",
        "type": 3,
        "data": ""
      },
      {
        "src": "192.168.1.100",
        "dst": "8.8.8.8",
        "type": 3,
        "data": ""
      },
      {
        "src": "192.168.1.100",
        "dst": "8.8.4.4",
        "type": 3,
        "data": ""
      },
      {
        "src": "192.168.1.100",
        "dst": "8.8.4.4",
        "type": 3,
        "data": ""
      }
    ],
    "http": [
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=288358400-289406975\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.2.1.126\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669918.535606
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=289406976-290455551\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.2.1.127\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669918.63427
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.1.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669918.667767
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=25165824-26079085\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.1.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669928.673379
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669931.761547
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=25165824-26079085\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669931.812657
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=17825792-18874367\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.3.1.3\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669938.797915
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669949.515859
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=8388608-9437183\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669949.554277
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=9437184-10485759\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.3\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669959.380577
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=10485760-11534335\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.4\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669959.435904
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=11534336-12582911\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.5\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669959.69564
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=12582912-13631487\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.6\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669959.773279
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=13631488-14680063\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.7\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669959.889182
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=14680064-15728639\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.8\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669959.98533
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=15728640-16777215\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.9\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669960.107313
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=16777216-17825791\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.11.3.1.0.0.13.2.7.4.1.10\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669960.213948
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.4.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772669997.762011
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: vnvTOU0030+wiAe5.1.3.1.0.0.17.2.3.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772670005.702593
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: vnvTOU0030+wiAe5.1.3.1.0.0.17.2.6.1.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772670005.868003
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=6291456-6757464\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: vnvTOU0030+wiAe5.1.3.1.0.0.17.2.6.1.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772670005.907691
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: vnvTOU0030+wiAe5.1.3.1.0.0.21.2.3.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772670006.260198
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: vnvTOU0030+wiAe5.1.3.1.0.0.21.2.6.1.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772670006.378476
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=5242880-6050793\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: vnvTOU0030+wiAe5.1.3.1.0.0.21.2.6.1.1.2\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772670006.416116
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/3b144c99-73bc-4238-bac7-a9eae26ac9ad?P1=1772667279&P2=404&P3=2&P4=jIQwoh6qn9oGHl6MytQ96iNQ%2fP9klFDj7gGNTyKq8NTxFFGuPW4MMsqlzl1M9jZLhQXKHkc%2bouzM82UWCWdEhA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.20.3.1.0.0.18.2.7.5.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/3b144c99-73bc-4238-bac7-a9eae26ac9ad?P1=1772667279&P2=404&P3=2&P4=jIQwoh6qn9oGHl6MytQ96iNQ%2fP9klFDj7gGNTyKq8NTxFFGuPW4MMsqlzl1M9jZLhQXKHkc%2bouzM82UWCWdEhA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/3b144c99-73bc-4238-bac7-a9eae26ac9ad?P1=1772667279&P2=404&P3=2&P4=jIQwoh6qn9oGHl6MytQ96iNQ%2fP9klFDj7gGNTyKq8NTxFFGuPW4MMsqlzl1M9jZLhQXKHkc%2bouzM82UWCWdEhA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772670009.121259
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/fe0cb85d-cd38-42c1-8fb5-7c913a9185ab?P1=1772667357&P2=404&P3=2&P4=luIrOy9BZwJWKiWqiAroXwvIL%2fBrxzVm7cVAl467AVaOS0fDXPF20uKWpU7VqIRrPel7tgm0QVEUUWuv8okfdw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.20.3.1.0.0.24.2.7.5.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/fe0cb85d-cd38-42c1-8fb5-7c913a9185ab?P1=1772667357&P2=404&P3=2&P4=luIrOy9BZwJWKiWqiAroXwvIL%2fBrxzVm7cVAl467AVaOS0fDXPF20uKWpU7VqIRrPel7tgm0QVEUUWuv8okfdw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/fe0cb85d-cd38-42c1-8fb5-7c913a9185ab?P1=1772667357&P2=404&P3=2&P4=luIrOy9BZwJWKiWqiAroXwvIL%2fBrxzVm7cVAl467AVaOS0fDXPF20uKWpU7VqIRrPel7tgm0QVEUUWuv8okfdw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772670009.36029
      },
      {
        "count": 1,
        "host": "176.99.136.153",
        "port": 80,
        "data": "GET /filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: Fz7HHVkVlkqDLOn2.39.3.1.0.0.14.2.7.5.1.1\r\nContent-Length: 0\r\nHost: 176.99.136.153\r\n\r\n",
        "uri": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1772670012.207508
      }
    ],
    "dns": [],
    "smtp": [],
    "irc": [],
    "dead_hosts": []
  },
  "suricata": {
    "alerts": [],
    "tls": [],
    "perf": [],
    "files": [],
    "http": [
      {
        "srcport": 50629,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:18:34.584999+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 0,
        "hostname": "176.99.136.153",
        "status": null,
        "http_method": "GET",
        "contenttype": null,
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50629,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:18:38.759785+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50635,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:18:51.812657+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50635,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:18:52.154633+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 913262,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50635,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:18:59.140564+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50646,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:19:09.554277+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50646,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:19:09.851009+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50646,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:19:19.695640+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50655,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:19:19.760959+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50646,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:19:19.889182+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50655,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:19:19.985330+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50646,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:19:20.107313+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50655,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:19:20.213948+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50646,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:19:20.412533+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50655,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:19:20.459449+0000",
        "uri": "/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50670,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:19:57.847675+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50672,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:20:05.784083+0000",
        "uri": "/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com",
        "length": 481,
        "hostname": "176.99.136.153",
        "status": 200,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50674,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:20:05.907691+0000",
        "uri": "/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50674,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:20:06.130278+0000",
        "uri": "/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 466009,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50676,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:20:06.346608+0000",
        "uri": "/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com",
        "length": 434,
        "hostname": "176.99.136.153",
        "status": 200,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50677,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:20:06.416116+0000",
        "uri": "/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50677,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:20:06.753141+0000",
        "uri": "/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 807914,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50679,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:20:09.205766+0000",
        "uri": "/filestreamingservice/files/3b144c99-73bc-4238-bac7-a9eae26ac9ad?P1=1772667279&P2=404&P3=2&P4=jIQwoh6qn9oGHl6MytQ96iNQ%2fP9klFDj7gGNTyKq8NTxFFGuPW4MMsqlzl1M9jZLhQXKHkc%2bouzM82UWCWdEhA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50680,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:20:09.440107+0000",
        "uri": "/filestreamingservice/files/fe0cb85d-cd38-42c1-8fb5-7c913a9185ab?P1=1772667357&P2=404&P3=2&P4=luIrOy9BZwJWKiWqiAroXwvIL%2fBrxzVm7cVAl467AVaOS0fDXPF20uKWpU7VqIRrPel7tgm0QVEUUWuv8okfdw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 50683,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "176.99.136.153",
        "timestamp": "2026-03-05 00:20:12.299311+0000",
        "uri": "/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "176.99.136.153",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      }
    ],
    "dns": [],
    "ssh": [],
    "fileinfo": [],
    "eve_log_full_path": "/opt/CAPEv2/storage/analyses/4/logs/eve.json",
    "alert_log_full_path": null,
    "tls_log_full_path": null,
    "http_log_full_path": null,
    "file_log_full_path": null,
    "ssh_log_full_path": null,
    "dns_log_full_path": null
  },
  "url_analysis": {},
  "procmemory": [],
  "signatures": [
    {
      "name": "stealth_network",
      "description": "Network activity detected but not expressed in monitor API logs",
      "categories": [
        "stealth"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "ip": "72.154.7.102"
        },
        {
          "ip": "72.154.7.97"
        },
        {
          "ip": "72.154.7.109"
        },
        {
          "ip": "72.154.7.16"
        },
        {
          "ip": "135.232.92.97"
        },
        {
          "ip": "176.99.136.153"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "network_cnc_http",
      "description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
      "categories": [
        "network",
        "c2"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 30,
      "references": [],
      "data": [
        {
          "ip_hostname": "HTTP connection was made to an IP address rather than domain name"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/3b144c99-73bc-4238-bac7-a9eae26ac9ad?P1=1772667279&P2=404&P3=2&P4=jIQwoh6qn9oGHl6MytQ96iNQ%2fP9klFDj7gGNTyKq8NTxFFGuPW4MMsqlzl1M9jZLhQXKHkc%2bouzM82UWCWdEhA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/fe0cb85d-cd38-42c1-8fb5-7c913a9185ab?P1=1772667357&P2=404&P3=2&P4=luIrOy9BZwJWKiWqiAroXwvIL%2fBrxzVm7cVAl467AVaOS0fDXPF20uKWpU7VqIRrPel7tgm0QVEUUWuv8okfdw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "network_http",
      "description": "Performs some HTTP requests",
      "categories": [
        "network"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 30,
      "references": [],
      "data": [
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/3b144c99-73bc-4238-bac7-a9eae26ac9ad?P1=1772667279&P2=404&P3=2&P4=jIQwoh6qn9oGHl6MytQ96iNQ%2fP9klFDj7gGNTyKq8NTxFFGuPW4MMsqlzl1M9jZLhQXKHkc%2bouzM82UWCWdEhA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/fe0cb85d-cd38-42c1-8fb5-7c913a9185ab?P1=1772667357&P2=404&P3=2&P4=luIrOy9BZwJWKiWqiAroXwvIL%2fBrxzVm7cVAl467AVaOS0fDXPF20uKWpU7VqIRrPel7tgm0QVEUUWuv8okfdw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "packer_unknown_pe_section_name",
      "description": "The binary contains an unknown PE section name indicative of packing",
      "categories": [
        "packer"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "unknown section": {
            "name": ".itext",
            "raw_address": "0x00019e00",
            "virtual_address": "0x00044000",
            "virtual_size": "0x00001000",
            "size_of_data": "0x00000200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "6.49"
          }
        },
        {
          "unknown section": {
            "name": ".adata",
            "raw_address": "0x00027000",
            "virtual_address": "0x0005c000",
            "virtual_size": "0x00001000",
            "size_of_data": "0x00000000",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "0.00"
          }
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "packer_entropy",
      "description": "The binary likely contains encrypted or compressed data",
      "categories": [
        "packer"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [
        "http://www.forensickb.com/2013/03/file-entropy-explained.html",
        "http://virii.es/U/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf"
      ],
      "data": [
        {
          "section": {
            "name": ".text",
            "raw_address": "0x00000400",
            "virtual_address": "0x00001000",
            "virtual_size": "0x00043000",
            "size_of_data": "0x00019a00",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "8.00"
          }
        },
        {
          "section": {
            "name": ".idata",
            "raw_address": "0x0001a400",
            "virtual_address": "0x00047000",
            "virtual_size": "0x00006000",
            "size_of_data": "0x00001800",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "7.77"
          }
        },
        {
          "section": {
            "name": ".reloc",
            "raw_address": "0x0001fa00",
            "virtual_address": "0x00052000",
            "virtual_size": "0x00004000",
            "size_of_data": "0x00002a00",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "7.87"
          }
        },
        {
          "section": {
            "name": ".rsrc",
            "raw_address": "0x00022400",
            "virtual_address": "0x00056000",
            "virtual_size": "0x00004000",
            "size_of_data": "0x00003600",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "7.93"
          }
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "binary_yara",
      "description": "Binary file triggered multiple YARA rules",
      "categories": [
        "static"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 80,
      "references": [],
      "data": [
        {
          "Binary triggered YARA rule": "INDICATOR_EXE_Packed_ASPack"
        },
        {
          "Binary triggered YARA rule": "suspicious_packer_section"
        },
        {
          "Binary triggered YARA rule": "ASPackv212AlexeySolodovnikov"
        },
        {
          "Binary triggered YARA rule": "ASProtectV2XDLLAlexeySolodovnikov"
        },
        {
          "Binary triggered YARA rule": "IsPE32"
        },
        {
          "Binary triggered YARA rule": "IsDLL"
        },
        {
          "Binary triggered YARA rule": "IsWindowsGUI"
        },
        {
          "Binary triggered YARA rule": "IsPacked"
        },
        {
          "Binary triggered YARA rule": "ASPack_v212_additional"
        },
        {
          "Binary triggered YARA rule": "ASPack_v21_additional"
        },
        {
          "Binary triggered YARA rule": "ASProtect_V2X_DLL_Alexey_Solodovnikov"
        },
        {
          "Binary triggered YARA rule": "ASPack_v212"
        },
        {
          "Binary triggered YARA rule": "yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h"
        },
        {
          "Binary triggered YARA rule": "ASPack_v211d"
        },
        {
          "Binary triggered YARA rule": "ASProtect_V2X_DLL_Alexey_Solodovnikov_additional"
        },
        {
          "Binary triggered YARA rule": "ASPack_212withouth_Poly_Solodovnikov_Alexey"
        },
        {
          "Binary triggered YARA rule": "ASPack_v212_Alexey_Solodovnikov"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "network_questionable_http_path",
      "description": "Makes a suspicious HTTP request to a commonly exploitable directory with questionable file ext",
      "categories": [
        "network"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772667035&P2=404&P3=2&P4=Dxm0MQ0r8wJBywFPdaaix9tzgCbtb6TMyf15OeUQLxdKnb0skxr4k68jPjJjUkyljucNAWn7tAjopIgFHNemjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/04321851-7dec-4cfd-8c57-da0b4ae64040?P1=1772670962&P2=404&P3=2&P4=F2UM84gXZLFVtCfpoZmD50l%2bXu1tJPvEHpNo4EgEz0HwXsMbr8c7hQLQTZprkuOGmc48yIoGGdoMBNrYzK%2f0Tw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=4.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/27ca12bc-f81d-45ff-95d0-12ad79f15735?P1=1772666602&P2=404&P3=2&P4=eS7Qqh1d9sSObVw%2flrorCBtugsthhvXWViejdDtr%2fbOFcNjSS3ocHC71%2btMwa7bI%2bhBJHKPJMAAFm1I%2bUQ4PQA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/2a0007f4-9769-4709-9244-a28f54f70828?P1=1772666612&P2=404&P3=2&P4=HB9aBsWjI8oT4EdcW8r5scELI1nXINxriza63jAkCkhmEW5RMuIfExHxfYu902Xmkus%2fqNy4NG%2fYzvZu25DYjA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/3b144c99-73bc-4238-bac7-a9eae26ac9ad?P1=1772667279&P2=404&P3=2&P4=jIQwoh6qn9oGHl6MytQ96iNQ%2fP9klFDj7gGNTyKq8NTxFFGuPW4MMsqlzl1M9jZLhQXKHkc%2bouzM82UWCWdEhA%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/fe0cb85d-cd38-42c1-8fb5-7c913a9185ab?P1=1772667357&P2=404&P3=2&P4=luIrOy9BZwJWKiWqiAroXwvIL%2fBrxzVm7cVAl467AVaOS0fDXPF20uKWpU7VqIRrPel7tgm0QVEUUWuv8okfdw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://176.99.136.153/filestreamingservice/files/080ef4a0-be38-451d-bc0c-6f002879786f?P1=1772675240&P2=404&P3=2&P4=XulOwRGtMZzcNKQGALMkMyn4znaN%2bw51OI%2bu68BMlQC68jblctprOUDXdVXREvmHnKMSEyyKhlEqi0s4sVMbYw%3d%3d&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "static_pe_anomaly",
      "description": "Anomalous binary characteristics",
      "categories": [
        "static"
      ],
      "severity": 3,
      "weight": 2,
      "confidence": 80,
      "references": [],
      "data": [
        {
          "anomaly": "Entrypoint of binary points to a non-executable code section"
        },
        {
          "anomaly": "Actual checksum does not match that reported in PE header"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    }
  ],
  "malscore": 3.1,
  "ttps": [
    {
      "signature": "stealth_network",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "binary_yara",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "network_cnc_http",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OB0004",
        "B0033",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "network_http",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "network_questionable_http_path",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "packer_unknown_pe_section_name",
      "ttps": [
        "T1027.002",
        "T1027"
      ],
      "mbcs": [
        "OB0001",
        "OB0002",
        "OB0006",
        "F0001"
      ]
    },
    {
      "signature": "packer_entropy",
      "ttps": [
        "T1027.002",
        "T1027"
      ],
      "mbcs": [
        "OB0001",
        "OB0002",
        "OB0006",
        "F0001"
      ]
    },
    {
      "signature": "static_pe_anomaly",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    }
  ],
  "malstatus": "Clean"
}