{
  "statistics": {
    "processing": [
      {
        "name": "CAPE",
        "time": 3.459
      },
      {
        "name": "AnalysisInfo",
        "time": 0.016
      },
      {
        "name": "BehaviorAnalysis",
        "time": 0.289
      },
      {
        "name": "Debug",
        "time": 0.001
      },
      {
        "name": "NetworkAnalysis",
        "time": 19.013
      },
      {
        "name": "Suricata",
        "time": 17.475
      },
      {
        "name": "UrlAnalysis",
        "time": 0.0
      },
      {
        "name": "script_log_processing",
        "time": 0.0
      },
      {
        "name": "ProcessMemory",
        "time": 0.0
      }
    ],
    "signatures": [
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "stealth_network",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_blocklist",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_hvcidisallowedimages",
        "time": 0.0
      },
      {
        "name": "disable_hypervisor_protected_code_integrity",
        "time": 0.0
      },
      {
        "name": "pendingfilerenameoperations_Operations",
        "time": 0.0
      },
      {
        "name": "anomalous_deletefile",
        "time": 0.0
      },
      {
        "name": "antiav_360_libs",
        "time": 0.0
      },
      {
        "name": "antiav_ahnlab_libs",
        "time": 0.0
      },
      {
        "name": "antiav_avast_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bitdefender_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bullguard_libs",
        "time": 0.0
      },
      {
        "name": "antiav_emsisoft_libs",
        "time": 0.0
      },
      {
        "name": "antiav_qurb_libs",
        "time": 0.0
      },
      {
        "name": "antiav_servicestop",
        "time": 0.0
      },
      {
        "name": "antiav_apioverride_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_guardpages",
        "time": 0.0
      },
      {
        "name": "antidebug_ntcreatethreadex",
        "time": 0.0
      },
      {
        "name": "antiav_nthookengine_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_outputdebugstring",
        "time": 0.0
      },
      {
        "name": "antidebug_setunhandledexceptionfilter",
        "time": 0.0
      },
      {
        "name": "antidebug_windows",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoocrash",
        "time": 0.0
      },
      {
        "name": "antisandbox_foregroundwindows",
        "time": 0.0
      },
      {
        "name": "mouse_movement_detect",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_script_timer",
        "time": 0.0
      },
      {
        "name": "antisandbox_sleep",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_unhook",
        "time": 0.0
      },
      {
        "name": "antivm_directory_objects",
        "time": 0.0
      },
      {
        "name": "antivm_display",
        "time": 0.0
      },
      {
        "name": "antivm_generic_disk",
        "time": 0.0
      },
      {
        "name": "antivm_generic_scsi",
        "time": 0.0
      },
      {
        "name": "antivm_generic_services",
        "time": 0.0
      },
      {
        "name": "antivm_generic_system",
        "time": 0.0
      },
      {
        "name": "antivm_checks_available_memory",
        "time": 0.0
      },
      {
        "name": "detect_virtualization_via_recent_files",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_libs",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_window",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_events",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_libs",
        "time": 0.0
      },
      {
        "name": "antivm_wmi",
        "time": 0.0
      },
      {
        "name": "api_spamming",
        "time": 0.0
      },
      {
        "name": "api_uuidfromstringa",
        "time": 0.0
      },
      {
        "name": "bcdedit_command",
        "time": 0.0
      },
      {
        "name": "bootkit",
        "time": 0.0
      },
      {
        "name": "direct_hdd_access",
        "time": 0.0
      },
      {
        "name": "physical_drive_access",
        "time": 0.0
      },
      {
        "name": "potential_overwrite_mbr",
        "time": 0.0
      },
      {
        "name": "read_file_raw_disk_access",
        "time": 0.0
      },
      {
        "name": "suspicious_iocontrol_codes",
        "time": 0.0
      },
      {
        "name": "browser_needed",
        "time": 0.0
      },
      {
        "name": "firefox_disables_process_tab",
        "time": 0.0
      },
      {
        "name": "regsvr32_squiblydoo_dll_load",
        "time": 0.0
      },
      {
        "name": "uac_bypass_cmstp",
        "time": 0.0
      },
      {
        "name": "uac_bypass_eventvwr",
        "time": 0.0
      },
      {
        "name": "uac_bypass_windows_Backup",
        "time": 0.0
      },
      {
        "name": "dotnet_code_compile",
        "time": 0.0
      },
      {
        "name": "queries_computer_name",
        "time": 0.0
      },
      {
        "name": "queries_user_name",
        "time": 0.0
      },
      {
        "name": "creates_largekey",
        "time": 0.0
      },
      {
        "name": "creates_nullvalue",
        "time": 0.0
      },
      {
        "name": "access_windows_passwords_vault",
        "time": 0.0
      },
      {
        "name": "dump_lsa_via_windows_error_reporting",
        "time": 0.0
      },
      {
        "name": "lsass_credential_dumping",
        "time": 0.0
      },
      {
        "name": "critical_process",
        "time": 0.0
      },
      {
        "name": "cryptopool_domains",
        "time": 0.0
      },
      {
        "name": "dead_connect",
        "time": 0.0
      },
      {
        "name": "dead_link",
        "time": 0.0
      },
      {
        "name": "decoy_document",
        "time": 0.0
      },
      {
        "name": "decoy_image",
        "time": 0.0
      },
      {
        "name": "deletes_consolehost_history",
        "time": 0.0
      },
      {
        "name": "deletes_self",
        "time": 0.0
      },
      {
        "name": "dep_bypass",
        "time": 0.0
      },
      {
        "name": "dep_disable",
        "time": 0.0
      },
      {
        "name": "disables_spdy",
        "time": 0.0
      },
      {
        "name": "disables_wfp",
        "time": 0.0
      },
      {
        "name": "add_windows_defender_exclusions",
        "time": 0.0
      },
      {
        "name": "mountpoints_volume_discovery",
        "time": 0.0
      },
      {
        "name": "dll_load_uncommon_file_types",
        "time": 0.0
      },
      {
        "name": "document_script_exe_drop",
        "time": 0.0
      },
      {
        "name": "guloader_apis",
        "time": 0.0
      },
      {
        "name": "driver_load",
        "time": 0.0
      },
      {
        "name": "dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "encrypted_ioc",
        "time": 0.0
      },
      {
        "name": "exec_crash",
        "time": 0.0
      },
      {
        "name": "process_creation_suspicious_location",
        "time": 0.0
      },
      {
        "name": "exploit_getbasekerneladdress",
        "time": 0.0
      },
      {
        "name": "exploit_gethaldispatchtable",
        "time": 0.0
      },
      {
        "name": "exploit_heapspray",
        "time": 0.0
      },
      {
        "name": "koadic_apis",
        "time": 0.0
      },
      {
        "name": "koadic_network_activity",
        "time": 0.0
      },
      {
        "name": "downloads_from_filehosting",
        "time": 0.0
      },
      {
        "name": "generic_phish",
        "time": 0.0
      },
      {
        "name": "http_request",
        "time": 0.0
      },
      {
        "name": "infostealer_browser",
        "time": 0.0
      },
      {
        "name": "infostealer_browser_password",
        "time": 0.0
      },
      {
        "name": "infostealer_cookies",
        "time": 0.0
      },
      {
        "name": "cryptbot_network",
        "time": 0.0
      },
      {
        "name": "masslogger_artifacts",
        "time": 0.0
      },
      {
        "name": "masslogger_version",
        "time": 0.0
      },
      {
        "name": "purplewave_network_activity",
        "time": 0.0
      },
      {
        "name": "quilclipper_behavior",
        "time": 0.0
      },
      {
        "name": "raccoon_behavior",
        "time": 0.0
      },
      {
        "name": "captures_screenshot",
        "time": 0.0
      },
      {
        "name": "vidar_behavior",
        "time": 0.0
      },
      {
        "name": "injection_createremotethread",
        "time": 0.0
      },
      {
        "name": "creates_suspended_process",
        "time": 0.0
      },
      {
        "name": "injection_explorer",
        "time": 0.0
      },
      {
        "name": "injection_network_traffic",
        "time": 0.0
      },
      {
        "name": "injection_runpe",
        "time": 0.0
      },
      {
        "name": "injection_rwx",
        "time": 0.0
      },
      {
        "name": "injection_themeinitapihook",
        "time": 0.0
      },
      {
        "name": "resumethread_remote_process",
        "time": 0.0
      },
      {
        "name": "injection_write_exe_process",
        "time": 0.0
      },
      {
        "name": "injection_write_process",
        "time": 0.0
      },
      {
        "name": "internet_dropper",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_named_pipe",
        "time": 0.0
      },
      {
        "name": "ipc_namedpipe",
        "time": 0.0
      },
      {
        "name": "js_phish",
        "time": 0.0
      },
      {
        "name": "js_suspicious_redirect",
        "time": 0.0
      },
      {
        "name": "loader_alien",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_internet_explorer_exporter",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_run_exe_helper_utility",
        "time": 0.0
      },
      {
        "name": "execute_ps_via_syncappvpublishingserver",
        "time": 0.0
      },
      {
        "name": "malicious_dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "encrypt_pcinfo",
        "time": 0.0
      },
      {
        "name": "encrypt_data_agenttesla_http",
        "time": 0.0
      },
      {
        "name": "encrypt_data_agentteslat2_http",
        "time": 0.0
      },
      {
        "name": "encrypt_data_nanocore",
        "time": 0.0
      },
      {
        "name": "reads_memory_remote_process",
        "time": 0.0
      },
      {
        "name": "mimics_filetime",
        "time": 0.0
      },
      {
        "name": "amsi_bypass_via_com_registry",
        "time": 0.0
      },
      {
        "name": "access_auto_logons_via_registry",
        "time": 0.0
      },
      {
        "name": "access_boot_key_via_registry",
        "time": 0.0
      },
      {
        "name": "create_suspicious_lnk_files",
        "time": 0.0
      },
      {
        "name": "credential_access_via_windows_credential_history",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_microsoft_exchange",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_waas_medic_svc_com_typelib",
        "time": 0.0
      },
      {
        "name": "execute_file_downloaded_via_openssh",
        "time": 0.0
      },
      {
        "name": "execute_safe_mode_from_suspicious_process",
        "time": 0.0
      },
      {
        "name": "execute_scripts_via_microsoft_management_console",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_processes_via_windows_mssql_service",
        "time": 0.0
      },
      {
        "name": "execution_from_self_extracting_archive",
        "time": 0.0
      },
      {
        "name": "ip_address_discovery_via_trusted_program",
        "time": 0.0
      },
      {
        "name": "load_dll_via_control_panel",
        "time": 0.0
      },
      {
        "name": "network_connection_via_suspicious_process",
        "time": 0.0
      },
      {
        "name": "potential_location_discovery_via_unusual_process",
        "time": 0.0
      },
      {
        "name": "store_executable_registry",
        "time": 0.0
      },
      {
        "name": "Suspicious_Execution_Via_MicrosoftExchangeTransportAgent",
        "time": 0.0
      },
      {
        "name": "suspicious_java_execution_via_win_scripts",
        "time": 0.0
      },
      {
        "name": "Suspicious_Scheduled_Task_Creation_Via_Masqueraded_XML_File",
        "time": 0.0
      },
      {
        "name": "uses_restart_manager_for_suspicious_activities",
        "time": 0.0
      },
      {
        "name": "modify_desktop_wallpaper",
        "time": 0.0
      },
      {
        "name": "modify_zoneid_ads",
        "time": 0.0
      },
      {
        "name": "move_file_on_reboot",
        "time": 0.0
      },
      {
        "name": "multiple_useragents",
        "time": 0.0
      },
      {
        "name": "network_anomaly",
        "time": 0.0
      },
      {
        "name": "network_bind",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_archive",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_free_webhosting",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_generic",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_interactsh",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_opensource",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_pastesite",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_payload",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_serviceinterface",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_socialmedia",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_telegram",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_tempstorage",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_urlshortener",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_useragent",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_exfil",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_generic",
        "time": 0.0
      },
      {
        "name": "network_dns_idn",
        "time": 0.0
      },
      {
        "name": "network_dns_suspicious_querytype",
        "time": 0.0
      },
      {
        "name": "network_dns_tunneling_request",
        "time": 0.0
      },
      {
        "name": "network_document_http",
        "time": 0.0
      },
      {
        "name": "explorer_http",
        "time": 0.0
      },
      {
        "name": "network_fake_useragent",
        "time": 0.0
      },
      {
        "name": "legitimate_domain_abuse",
        "time": 0.0
      },
      {
        "name": "suspicious_communication_trusted_site",
        "time": 0.0
      },
      {
        "name": "network_tor",
        "time": 0.0
      },
      {
        "name": "office_com_load",
        "time": 0.0
      },
      {
        "name": "office_dotnet_load",
        "time": 0.0
      },
      {
        "name": "office_mshtml_load",
        "time": 0.0
      },
      {
        "name": "office_vb_load",
        "time": 0.0
      },
      {
        "name": "office_wmi_load",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882_network",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444_m2",
        "time": 0.0
      },
      {
        "name": "office_flash_load",
        "time": 0.0
      },
      {
        "name": "office_postscript",
        "time": 0.0
      },
      {
        "name": "office_suspicious_processes",
        "time": 0.0
      },
      {
        "name": "office_write_exe",
        "time": 0.0
      },
      {
        "name": "persistence_via_autodial_dll_registry",
        "time": 0.0
      },
      {
        "name": "persistence_autorun",
        "time": 0.0
      },
      {
        "name": "persistence_autorun_tasks",
        "time": 0.0
      },
      {
        "name": "persistence_bootexecute",
        "time": 0.0
      },
      {
        "name": "persistence_registry_script",
        "time": 0.0
      },
      {
        "name": "powershell_network_connection",
        "time": 0.0
      },
      {
        "name": "powershell_download",
        "time": 0.0
      },
      {
        "name": "powershell_request",
        "time": 0.0
      },
      {
        "name": "createtoolhelp32snapshot_module_enumeration",
        "time": 0.0
      },
      {
        "name": "enumerates_running_processes",
        "time": 0.0
      },
      {
        "name": "process_interest",
        "time": 0.0
      },
      {
        "name": "process_needed",
        "time": 0.0
      },
      {
        "name": "mass_data_encryption",
        "time": 0.0
      },
      {
        "name": "ransomware_file_modifications",
        "time": 0.0
      },
      {
        "name": "ransomware_message",
        "time": 0.0
      },
      {
        "name": "nemty_network_activity",
        "time": 0.0
      },
      {
        "name": "nemty_note",
        "time": 0.0
      },
      {
        "name": "sodinokibi_behavior",
        "time": 0.0
      },
      {
        "name": "stop_ransomware_registry",
        "time": 0.0
      },
      {
        "name": "blackrat_apis",
        "time": 0.0
      },
      {
        "name": "blackrat_network_activity",
        "time": 0.0
      },
      {
        "name": "blackrat_registry_keys",
        "time": 0.0
      },
      {
        "name": "dcrat_behavior",
        "time": 0.0
      },
      {
        "name": "karagany_system_event_objects",
        "time": 0.0
      },
      {
        "name": "rat_luminosity",
        "time": 0.0
      },
      {
        "name": "rat_nanocore",
        "time": 0.0
      },
      {
        "name": "netwire_behavior",
        "time": 0.0
      },
      {
        "name": "obliquerat_network_activity",
        "time": 0.0
      },
      {
        "name": "orcusrat_behavior",
        "time": 0.0
      },
      {
        "name": "trochilusrat_apis",
        "time": 0.0
      },
      {
        "name": "reads_self",
        "time": 0.0
      },
      {
        "name": "recon_beacon",
        "time": 0.0
      },
      {
        "name": "recon_programs",
        "time": 0.0
      },
      {
        "name": "recon_systeminfo",
        "time": 0.0
      },
      {
        "name": "accesses_recyclebin",
        "time": 0.0
      },
      {
        "name": "remcos_shell_code_dynamic_wrapper_x",
        "time": 0.0
      },
      {
        "name": "removes_zoneid_ads",
        "time": 0.0
      },
      {
        "name": "script_created_process",
        "time": 0.0
      },
      {
        "name": "script_network_activity",
        "time": 0.0
      },
      {
        "name": "suspicious_js_script",
        "time": 0.0
      },
      {
        "name": "javascript_timer",
        "time": 0.0
      },
      {
        "name": "secure_login_phishing",
        "time": 0.0
      },
      {
        "name": "securityxploded_modules",
        "time": 0.0
      },
      {
        "name": "get_clipboard_data",
        "time": 0.0
      },
      {
        "name": "sets_autoconfig_url",
        "time": 0.0
      },
      {
        "name": "spoofs_procname",
        "time": 0.0
      },
      {
        "name": "stack_pivot",
        "time": 0.0
      },
      {
        "name": "stack_pivot_file_created",
        "time": 0.0
      },
      {
        "name": "stack_pivot_process_create",
        "time": 0.0
      },
      {
        "name": "set_clipboard_data",
        "time": 0.0
      },
      {
        "name": "stealth_childproc",
        "time": 0.0
      },
      {
        "name": "stealth_file",
        "time": 0.0
      },
      {
        "name": "stealth_timeout",
        "time": 0.0
      },
      {
        "name": "stealth_window",
        "time": 0.0
      },
      {
        "name": "queries_keyboard_layout",
        "time": 0.0
      },
      {
        "name": "queries_locale_api",
        "time": 0.0
      },
      {
        "name": "terminates_remote_process",
        "time": 0.0
      },
      {
        "name": "uiautomationcore_load",
        "time": 0.0
      },
      {
        "name": "user_enum",
        "time": 0.0
      },
      {
        "name": "mmc_dll_script_load",
        "time": 0.0
      },
      {
        "name": "mmc_dotnet_load",
        "time": 0.0
      },
      {
        "name": "virus",
        "time": 0.0
      },
      {
        "name": "neshta_files",
        "time": 0.0
      },
      {
        "name": "neshta_regkeys",
        "time": 0.0
      },
      {
        "name": "webmail_phish",
        "time": 0.0
      },
      {
        "name": "persists_dev_util",
        "time": 0.0
      },
      {
        "name": "spawns_dev_util",
        "time": 0.0
      },
      {
        "name": "alters_windows_utility",
        "time": 0.0
      },
      {
        "name": "overwrites_accessibility_utility",
        "time": 0.0
      },
      {
        "name": "Potential_Lateral_Movement_Via_SMBEXEC",
        "time": 0.0
      },
      {
        "name": "potential_WebShell_Via_ScreenConnectServer",
        "time": 0.0
      },
      {
        "name": "uses_Microsoft_HTML_Help_Executable",
        "time": 0.0
      },
      {
        "name": "wiper_zeroedbytes",
        "time": 0.0
      },
      {
        "name": "wmi_create_process",
        "time": 0.0
      },
      {
        "name": "wmi_script_process",
        "time": 0.0
      },
      {
        "name": "antianalysis_tls_section",
        "time": 0.0
      },
      {
        "name": "antivirus_clamav",
        "time": 0.0
      },
      {
        "name": "antivirus_virustotal",
        "time": 0.0
      },
      {
        "name": "bad_certs",
        "time": 0.0
      },
      {
        "name": "bad_ssl_certs",
        "time": 0.0
      },
      {
        "name": "banker_zeus_p2p",
        "time": 0.0
      },
      {
        "name": "banker_zeus_url",
        "time": 0.002
      },
      {
        "name": "binary_yara",
        "time": 0.0
      },
      {
        "name": "bot_athenahttp",
        "time": 0.0
      },
      {
        "name": "bot_dirtjumper",
        "time": 0.0
      },
      {
        "name": "bot_drive",
        "time": 0.0
      },
      {
        "name": "bot_drive2",
        "time": 0.0
      },
      {
        "name": "bot_madness",
        "time": 0.0
      },
      {
        "name": "phishing_kit_detected",
        "time": 0.0
      },
      {
        "name": "family_proxyback",
        "time": 0.0
      },
      {
        "name": "flare_capa_antianalysis",
        "time": 0.0
      },
      {
        "name": "flare_capa_collection",
        "time": 0.0
      },
      {
        "name": "flare_capa_communication",
        "time": 0.0
      },
      {
        "name": "flare_capa_compiler",
        "time": 0.0
      },
      {
        "name": "flare_capa_datamanipulation",
        "time": 0.0
      },
      {
        "name": "flare_capa_executable",
        "time": 0.0
      },
      {
        "name": "flare_capa_hostinteraction",
        "time": 0.0
      },
      {
        "name": "flare_capa_impact",
        "time": 0.0
      },
      {
        "name": "flare_capa_lib",
        "time": 0.0
      },
      {
        "name": "flare_capa_linking",
        "time": 0.0
      },
      {
        "name": "flare_capa_loadcode",
        "time": 0.0
      },
      {
        "name": "flare_capa_malwarefamily",
        "time": 0.0
      },
      {
        "name": "flare_capa_nursery",
        "time": 0.0
      },
      {
        "name": "flare_capa_persistence",
        "time": 0.0
      },
      {
        "name": "flare_capa_runtime",
        "time": 0.0
      },
      {
        "name": "flare_capa_targeting",
        "time": 0.0
      },
      {
        "name": "threatfox",
        "time": 0.0
      },
      {
        "name": "log4shell",
        "time": 0.0
      },
      {
        "name": "mimics_extension",
        "time": 0.0
      },
      {
        "name": "network_country_distribution",
        "time": 0.0
      },
      {
        "name": "network_cnc_http",
        "time": 0.064
      },
      {
        "name": "network_ip_exe",
        "time": 0.001
      },
      {
        "name": "network_dga",
        "time": 0.0
      },
      {
        "name": "network_dga_fraunhofer",
        "time": 0.0
      },
      {
        "name": "network_dyndns",
        "time": 0.007
      },
      {
        "name": "network_excessive_udp",
        "time": 0.0
      },
      {
        "name": "network_http",
        "time": 0.023
      },
      {
        "name": "network_icmp",
        "time": 0.0
      },
      {
        "name": "network_irc",
        "time": 0.0
      },
      {
        "name": "network_open_proxy",
        "time": 0.001
      },
      {
        "name": "network_questionable_http_path",
        "time": 0.0
      },
      {
        "name": "network_questionable_https_path",
        "time": 0.0
      },
      {
        "name": "network_smtp",
        "time": 0.0
      },
      {
        "name": "network_torgateway",
        "time": 0.002
      },
      {
        "name": "origin_langid",
        "time": 0.0
      },
      {
        "name": "origin_resource_langid",
        "time": 0.0
      },
      {
        "name": "overlay",
        "time": 0.0
      },
      {
        "name": "packer_unknown_pe_section_name",
        "time": 0.0
      },
      {
        "name": "packer_aspack",
        "time": 0.0
      },
      {
        "name": "packer_aspirecrypt",
        "time": 0.0
      },
      {
        "name": "packer_bedsprotector",
        "time": 0.0
      },
      {
        "name": "packer_confuser",
        "time": 0.0
      },
      {
        "name": "packer_enigma",
        "time": 0.0
      },
      {
        "name": "packer_entropy",
        "time": 0.0
      },
      {
        "name": "packer_mpress",
        "time": 0.0
      },
      {
        "name": "packer_nate",
        "time": 0.0
      },
      {
        "name": "packer_nspack",
        "time": 0.0
      },
      {
        "name": "packer_smartassembly",
        "time": 0.0
      },
      {
        "name": "packer_spices",
        "time": 0.0
      },
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "packer_titan",
        "time": 0.0
      },
      {
        "name": "packer_upx",
        "time": 0.0
      },
      {
        "name": "packer_vmprotect",
        "time": 0.0
      },
      {
        "name": "packer_yoda",
        "time": 0.0
      },
      {
        "name": "pdf_annot_urls_checker",
        "time": 0.0
      },
      {
        "name": "polymorphic",
        "time": 0.0
      },
      {
        "name": "punch_plus_plus_pcres",
        "time": 0.0
      },
      {
        "name": "procmem_yara",
        "time": 0.0
      },
      {
        "name": "recon_checkip",
        "time": 0.001
      },
      {
        "name": "static_authenticode",
        "time": 0.0
      },
      {
        "name": "invalid_authenticode_signature",
        "time": 0.0
      },
      {
        "name": "static_dotnet_anomaly",
        "time": 0.0
      },
      {
        "name": "static_java",
        "time": 0.0
      },
      {
        "name": "static_pdf",
        "time": 0.0
      },
      {
        "name": "contains_pe_overlay",
        "time": 0.0
      },
      {
        "name": "static_pe_anomaly",
        "time": 0.0
      },
      {
        "name": "pe_compile_timestomping",
        "time": 0.0
      },
      {
        "name": "static_pe_pdbpath",
        "time": 0.0
      },
      {
        "name": "static_rat_config",
        "time": 0.0
      },
      {
        "name": "static_versioninfo_anomaly",
        "time": 0.0
      },
      {
        "name": "suricata_alert",
        "time": 0.0
      },
      {
        "name": "suspicious_html_body",
        "time": 0.0
      },
      {
        "name": "suspicious_html_name",
        "time": 0.0
      },
      {
        "name": "suspicious_html_title",
        "time": 0.0
      },
      {
        "name": "volatility_devicetree_1",
        "time": 0.0
      },
      {
        "name": "volatility_handles_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_2",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_1",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_2",
        "time": 0.0
      },
      {
        "name": "volatility_modscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_2",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_3",
        "time": 0.0
      },
      {
        "name": "whois_create",
        "time": 0.0
      },
      {
        "name": "accesses_mailslot",
        "time": 0.0
      },
      {
        "name": "accesses_netlogon_regkey",
        "time": 0.001
      },
      {
        "name": "accesses_public_folder",
        "time": 0.0
      },
      {
        "name": "accesses_sysvol",
        "time": 0.001
      },
      {
        "name": "writes_sysvol",
        "time": 0.0
      },
      {
        "name": "adds_admin_user",
        "time": 0.0
      },
      {
        "name": "adds_user",
        "time": 0.0
      },
      {
        "name": "overwrites_admin_password",
        "time": 0.0
      },
      {
        "name": "antianalysis_detectfile",
        "time": 0.014
      },
      {
        "name": "antianalysis_detectreg",
        "time": 0.036
      },
      {
        "name": "modify_attachment_manager",
        "time": 0.0
      },
      {
        "name": "antiav_detectfile",
        "time": 0.025
      },
      {
        "name": "antiav_detectreg",
        "time": 0.17
      },
      {
        "name": "antiav_srp",
        "time": 0.0
      },
      {
        "name": "antiav_whitespace",
        "time": 0.0
      },
      {
        "name": "antidebug_devices",
        "time": 0.004
      },
      {
        "name": "antiemu_windefend",
        "time": 0.002
      },
      {
        "name": "antiemu_wine_reg",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoo_files",
        "time": 0.001
      },
      {
        "name": "antisandbox_fortinet_files",
        "time": 0.001
      },
      {
        "name": "antisandbox_joe_anubis_files",
        "time": 0.001
      },
      {
        "name": "antisandbox_sboxie_mutex",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_files",
        "time": 0.001
      },
      {
        "name": "antisandbox_threattrack_files",
        "time": 0.001
      },
      {
        "name": "antivm_bochs_keys",
        "time": 0.003
      },
      {
        "name": "antivm_generic_bios",
        "time": 0.002
      },
      {
        "name": "antivm_generic_diskreg",
        "time": 0.008
      },
      {
        "name": "antivm_hyperv_keys",
        "time": 0.003
      },
      {
        "name": "antivm_parallels_keys",
        "time": 0.01
      },
      {
        "name": "antivm_recentdocs",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_devices",
        "time": 0.002
      },
      {
        "name": "antivm_vbox_files",
        "time": 0.01
      },
      {
        "name": "antivm_vbox_keys",
        "time": 0.019
      },
      {
        "name": "antivm_vmware_devices",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_files",
        "time": 0.003
      },
      {
        "name": "antivm_vmware_keys",
        "time": 0.013
      },
      {
        "name": "antivm_vmware_mutexes",
        "time": 0.001
      },
      {
        "name": "antivm_vpc_files",
        "time": 0.001
      },
      {
        "name": "antivm_vpc_keys",
        "time": 0.006
      },
      {
        "name": "antivm_vpc_mutex",
        "time": 0.0
      },
      {
        "name": "antivm_xen_keys",
        "time": 0.009
      },
      {
        "name": "asyncrat_mutex",
        "time": 0.0
      },
      {
        "name": "gulpix_behavior",
        "time": 0.0
      },
      {
        "name": "ketrican_regkeys",
        "time": 0.004
      },
      {
        "name": "okrum_mutexes",
        "time": 0.0
      },
      {
        "name": "banker_cridex",
        "time": 0.001
      },
      {
        "name": "geodo_banking_trojan",
        "time": 0.006
      },
      {
        "name": "banker_spyeye_mutexes",
        "time": 0.001
      },
      {
        "name": "banker_zeus_mutex",
        "time": 0.001
      },
      {
        "name": "bitcoin_opencl",
        "time": 0.0
      },
      {
        "name": "enumerates_physical_drives",
        "time": 0.0
      },
      {
        "name": "bot_russkill",
        "time": 0.0
      },
      {
        "name": "browser_addon",
        "time": 0.0
      },
      {
        "name": "chromium_browser_extension_directory",
        "time": 0.0
      },
      {
        "name": "browser_helper_object",
        "time": 0.0
      },
      {
        "name": "browser_security",
        "time": 0.002
      },
      {
        "name": "browser_startpage",
        "time": 0.0
      },
      {
        "name": "ie_disables_process_tab",
        "time": 0.0
      },
      {
        "name": "odbcconf_bypass",
        "time": 0.0
      },
      {
        "name": "squiblydoo_bypass",
        "time": 0.0
      },
      {
        "name": "squiblytwo_bypass",
        "time": 0.0
      },
      {
        "name": "bypass_chromium_protection",
        "time": 0.0
      },
      {
        "name": "bypass_firewall",
        "time": 0.003
      },
      {
        "name": "checks_uac_status",
        "time": 0.001
      },
      {
        "name": "uac_bypass_cmstpcom",
        "time": 0.001
      },
      {
        "name": "uac_bypass_delegateexecute_sdclt",
        "time": 0.0
      },
      {
        "name": "uac_bypass_fodhelper",
        "time": 0.0
      },
      {
        "name": "cape_extracted_content",
        "time": 0.0
      },
      {
        "name": "carberp_mutex",
        "time": 0.0
      },
      {
        "name": "clears_logs",
        "time": 0.001
      },
      {
        "name": "cmdline_obfuscation",
        "time": 0.0
      },
      {
        "name": "cmdline_switches",
        "time": 0.0
      },
      {
        "name": "cmdline_terminate",
        "time": 0.0
      },
      {
        "name": "cmdline_forfiles_wildcard",
        "time": 0.0
      },
      {
        "name": "cmdline_http_link",
        "time": 0.0
      },
      {
        "name": "cmdline_long_string",
        "time": 0.0
      },
      {
        "name": "cmdline_reversed_http_link",
        "time": 0.0
      },
      {
        "name": "long_commandline",
        "time": 0.0
      },
      {
        "name": "powershell_renamed_commandline",
        "time": 0.0
      },
      {
        "name": "copies_self",
        "time": 0.0
      },
      {
        "name": "credwiz_credentialaccess",
        "time": 0.0
      },
      {
        "name": "enables_wdigest",
        "time": 0.0
      },
      {
        "name": "vaultcmd_credentialaccess",
        "time": 0.0
      },
      {
        "name": "file_credential_store_access",
        "time": 0.002
      },
      {
        "name": "file_credential_store_write",
        "time": 0.0
      },
      {
        "name": "kerberos_credential_access_via_rubeus",
        "time": 0.0
      },
      {
        "name": "registry_credential_dumping",
        "time": 0.0
      },
      {
        "name": "registry_credential_store_access",
        "time": 0.002
      },
      {
        "name": "registry_lsa_secrets_access",
        "time": 0.001
      },
      {
        "name": "comsvcs_credentialdump",
        "time": 0.0
      },
      {
        "name": "cryptomining_stratum_command",
        "time": 0.0
      },
      {
        "name": "cypherit_mutexes",
        "time": 0.0
      },
      {
        "name": "darkcomet_regkeys",
        "time": 0.003
      },
      {
        "name": "datop_loader",
        "time": 0.0
      },
      {
        "name": "deepfreeze_mutex",
        "time": 0.0
      },
      {
        "name": "deletes_executed_files",
        "time": 0.0
      },
      {
        "name": "disables_app_launch",
        "time": 0.0
      },
      {
        "name": "disables_auto_app_termination",
        "time": 0.0
      },
      {
        "name": "disables_appv_virtualization",
        "time": 0.0
      },
      {
        "name": "disables_backups",
        "time": 0.002
      },
      {
        "name": "disables_browser_warn",
        "time": 0.001
      },
      {
        "name": "disables_context_menus",
        "time": 0.0
      },
      {
        "name": "disables_cpl_disable",
        "time": 0.0
      },
      {
        "name": "disables_crashdumps",
        "time": 0.0
      },
      {
        "name": "disables_event_logging",
        "time": 0.0
      },
      {
        "name": "disables_folder_options",
        "time": 0.0
      },
      {
        "name": "disables_notificationcenter",
        "time": 0.0
      },
      {
        "name": "disables_power_options",
        "time": 0.001
      },
      {
        "name": "disables_restore_default_state",
        "time": 0.0
      },
      {
        "name": "disables_run_command",
        "time": 0.0
      },
      {
        "name": "disables_smartscreen",
        "time": 0.0
      },
      {
        "name": "disables_startmenu_search",
        "time": 0.001
      },
      {
        "name": "disables_system_restore",
        "time": 0.0
      },
      {
        "name": "disables_uac",
        "time": 0.0
      },
      {
        "name": "disables_wer",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender_logging",
        "time": 0.0
      },
      {
        "name": "removes_windows_defender_contextmenu",
        "time": 0.001
      },
      {
        "name": "removes_windows_defender_updates",
        "time": 0.0
      },
      {
        "name": "windows_defender_powershell",
        "time": 0.0
      },
      {
        "name": "disables_windows_file_protection",
        "time": 0.0
      },
      {
        "name": "disables_windowsupdate",
        "time": 0.0
      },
      {
        "name": "disables_winfirewall",
        "time": 0.0
      },
      {
        "name": "discover_registry_mount_points",
        "time": 0.001
      },
      {
        "name": "adfind_domain_enumeration",
        "time": 0.0
      },
      {
        "name": "domain_enumeration_commands",
        "time": 0.0
      },
      {
        "name": "andromut_mutexes",
        "time": 0.0
      },
      {
        "name": "downloader_cabby",
        "time": 0.001
      },
      {
        "name": "phorpiex_mutexes",
        "time": 0.0
      },
      {
        "name": "protonbot_mutexes",
        "time": 0.0
      },
      {
        "name": "driver_filtermanager",
        "time": 0.001
      },
      {
        "name": "dropper",
        "time": 0.0
      },
      {
        "name": "dll_archive_execution",
        "time": 0.0
      },
      {
        "name": "lnk_archive_execution",
        "time": 0.0
      },
      {
        "name": "script_archive_execution",
        "time": 0.0
      },
      {
        "name": "excel4_macro_urls",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_ntlm_relay",
        "time": 0.0
      },
      {
        "name": "spooler_access",
        "time": 0.0
      },
      {
        "name": "spooler_svc_start",
        "time": 0.0
      },
      {
        "name": "mapped_drives_uac",
        "time": 0.0
      },
      {
        "name": "hides_recycle_bin_icon",
        "time": 0.0
      },
      {
        "name": "apocalypse_stealer_file_behavior",
        "time": 0.0
      },
      {
        "name": "arkei_files",
        "time": 0.001
      },
      {
        "name": "azorult_mutexes",
        "time": 0.002
      },
      {
        "name": "infostealer_bitcoin",
        "time": 0.016
      },
      {
        "name": "cryptbot_files",
        "time": 0.001
      },
      {
        "name": "echelon_files",
        "time": 0.002
      },
      {
        "name": "infostealer_ftp",
        "time": 0.065
      },
      {
        "name": "infostealer_im",
        "time": 0.038
      },
      {
        "name": "infostealer_mail",
        "time": 0.018
      },
      {
        "name": "masslogger_files",
        "time": 0.0
      },
      {
        "name": "poullight_files",
        "time": 0.006
      },
      {
        "name": "purplewave_mutexes",
        "time": 0.0
      },
      {
        "name": "quilclipper_mutexes",
        "time": 0.0
      },
      {
        "name": "qulab_files",
        "time": 0.004
      },
      {
        "name": "qulab_mutexes",
        "time": 0.0
      },
      {
        "name": "asyncrat_mutex",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_ASPNet_Compiler",
        "time": 0.0
      },
      {
        "name": "Evade_Execute_Via_DeviceCredentialDeployment",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Filter_Manager_Control",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Intel_GFXDownloadWrapper",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_appvlp",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_OpenSSH",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_PesterPSModule",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_ScriptRunner",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_ttdinject",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_VisualStudioLiveShare",
        "time": 0.0
      },
      {
        "name": "Execute_Msiexec_Via_Explorer",
        "time": 0.0
      },
      {
        "name": "execute_remote_msi",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_runscripthelper",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_sqlps",
        "time": 0.0
      },
      {
        "name": "Indirect_Command_Execution_Via_ConsoleWindowHost",
        "time": 0.0
      },
      {
        "name": "Perform_Malicious_Activities_Via_Headless_Browser",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_CertOC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_MSIEXEC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_Odbcconf",
        "time": 0.0
      },
      {
        "name": "Scriptlet_Proxy_Execution_Via_Pubprn",
        "time": 0.0
      },
      {
        "name": "ie_martian_children",
        "time": 0.0
      },
      {
        "name": "office_martian_children",
        "time": 0.0
      },
      {
        "name": "mimics_icon",
        "time": 0.0
      },
      {
        "name": "masquerade_process_name",
        "time": 0.009
      },
      {
        "name": "mimikatz_modules",
        "time": 0.0
      },
      {
        "name": "ms_office_cmd_rce",
        "time": 0.0
      },
      {
        "name": "mount_copy_to_webdav_share",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_legit_utilities",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_qemu",
        "time": 0.0
      },
      {
        "name": "suspicious_execution_via_dotnet_remoting",
        "time": 0.0
      },
      {
        "name": "modify_certs",
        "time": 0.0
      },
      {
        "name": "dotnet_clr_usagelog_regkeys",
        "time": 0.0
      },
      {
        "name": "modify_hostfile",
        "time": 0.0
      },
      {
        "name": "modify_oem_information",
        "time": 0.0
      },
      {
        "name": "modify_security_center_warnings",
        "time": 0.0
      },
      {
        "name": "modify_uac_prompt",
        "time": 0.0
      },
      {
        "name": "network_dns_blockchain",
        "time": 0.0
      },
      {
        "name": "network_dns_opennic",
        "time": 0.001
      },
      {
        "name": "network_dns_paste_site",
        "time": 0.001
      },
      {
        "name": "network_dns_reverse_proxy",
        "time": 0.0
      },
      {
        "name": "network_dns_temp_file_storage",
        "time": 0.001
      },
      {
        "name": "network_dns_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_dns_url_shortener",
        "time": 0.008
      },
      {
        "name": "network_dns_doh_tls",
        "time": 0.0
      },
      {
        "name": "suspicious_tld",
        "time": 0.006
      },
      {
        "name": "network_tor_service",
        "time": 0.0
      },
      {
        "name": "office_code_page",
        "time": 0.0
      },
      {
        "name": "office_addinloading",
        "time": 0.0
      },
      {
        "name": "office_perfkey",
        "time": 0.0
      },
      {
        "name": "office_macro",
        "time": 0.0
      },
      {
        "name": "changes_trust_center_settings",
        "time": 0.0
      },
      {
        "name": "disables_vba_trust_access",
        "time": 0.0
      },
      {
        "name": "office_macro_autoexecution",
        "time": 0.0
      },
      {
        "name": "office_macro_ioc",
        "time": 0.0
      },
      {
        "name": "office_macro_malicious_prediction",
        "time": 0.0
      },
      {
        "name": "office_macro_suspicious",
        "time": 0.0
      },
      {
        "name": "rtf_aslr_bypass",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_characterset",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_version",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_content",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_office_file",
        "time": 0.0
      },
      {
        "name": "rtf_exploit_static",
        "time": 0.0
      },
      {
        "name": "office_security",
        "time": 0.0
      },
      {
        "name": "accesses_office_username",
        "time": 0.0
      },
      {
        "name": "office_anomalous_feature",
        "time": 0.0
      },
      {
        "name": "office_dde_command",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_mutex",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_regkey",
        "time": 0.0
      },
      {
        "name": "persistence_ads",
        "time": 0.0
      },
      {
        "name": "persistence_safeboot",
        "time": 0.0
      },
      {
        "name": "persistence_ifeo",
        "time": 0.0
      },
      {
        "name": "persistence_silent_process_exit",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_registry",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_shadowing",
        "time": 0.0
      },
      {
        "name": "persistence_service",
        "time": 0.0
      },
      {
        "name": "persistence_shim_database",
        "time": 0.0
      },
      {
        "name": "powerpool_mutexes",
        "time": 0.0
      },
      {
        "name": "powershell_scriptblock_logging",
        "time": 0.0
      },
      {
        "name": "powershell_command_suspicious",
        "time": 0.0
      },
      {
        "name": "powershell_history_save_mod",
        "time": 0.0
      },
      {
        "name": "powershell_renamed",
        "time": 0.0
      },
      {
        "name": "powershell_reversed",
        "time": 0.0
      },
      {
        "name": "powershell_variable_obfuscation",
        "time": 0.0
      },
      {
        "name": "prevents_safeboot",
        "time": 0.0
      },
      {
        "name": "cmdline_process_discovery",
        "time": 0.0
      },
      {
        "name": "cryptomix_mutexes",
        "time": 0.0
      },
      {
        "name": "dharma_mutexes",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_generic",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_known",
        "time": 0.006
      },
      {
        "name": "ransomware_files",
        "time": 0.008
      },
      {
        "name": "fonix_mutexes",
        "time": 0.0
      },
      {
        "name": "gandcrab_mutexes",
        "time": 0.0
      },
      {
        "name": "germanwiper_mutexes",
        "time": 0.0
      },
      {
        "name": "medusalocker_mutexes",
        "time": 0.0
      },
      {
        "name": "medusalocker_regkeys",
        "time": 0.001
      },
      {
        "name": "nemty_mutexes",
        "time": 0.0
      },
      {
        "name": "nemty_regkeys",
        "time": 0.0
      },
      {
        "name": "pysa_mutexes",
        "time": 0.0
      },
      {
        "name": "ransomware_radamant",
        "time": 0.0
      },
      {
        "name": "ransomware_recyclebin",
        "time": 0.0
      },
      {
        "name": "revil_mutexes",
        "time": 0.001
      },
      {
        "name": "ransomware_revil_regkey",
        "time": 0.0
      },
      {
        "name": "satan_mutexes",
        "time": 0.001
      },
      {
        "name": "snake_ransom_mutexes",
        "time": 0.0
      },
      {
        "name": "stop_ransom_mutexes",
        "time": 0.0
      },
      {
        "name": "stop_ransomware_cmd",
        "time": 0.0
      },
      {
        "name": "ransomware_stopdjvu",
        "time": 0.0
      },
      {
        "name": "rat_beebus_mutexes",
        "time": 0.0
      },
      {
        "name": "blacknet_mutexes",
        "time": 0.0
      },
      {
        "name": "blackrat_mutexes",
        "time": 0.0
      },
      {
        "name": "crat_mutexes",
        "time": 0.001
      },
      {
        "name": "dcrat_files",
        "time": 0.001
      },
      {
        "name": "dcrat_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_fynloski_mutexes",
        "time": 0.0
      },
      {
        "name": "limerat_mutexes",
        "time": 0.0
      },
      {
        "name": "limerat_regkeys",
        "time": 0.004
      },
      {
        "name": "lodarat_file_behavior",
        "time": 0.0
      },
      {
        "name": "modirat_behavior",
        "time": 0.001
      },
      {
        "name": "njrat_regkeys",
        "time": 0.0
      },
      {
        "name": "obliquerat_files",
        "time": 0.001
      },
      {
        "name": "obliquerat_mutexes",
        "time": 0.0
      },
      {
        "name": "parallax_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_pcclient",
        "time": 0.002
      },
      {
        "name": "rat_plugx_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_poisonivy_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_quasar_mutexes",
        "time": 0.0
      },
      {
        "name": "ratsnif_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_spynet",
        "time": 0.001
      },
      {
        "name": "venomrat_mutexes",
        "time": 0.0
      },
      {
        "name": "warzonerat_files",
        "time": 0.001
      },
      {
        "name": "warzonerat_regkeys",
        "time": 0.001
      },
      {
        "name": "xpertrat_files",
        "time": 0.0
      },
      {
        "name": "xpertrat_mutexes",
        "time": 0.001
      },
      {
        "name": "rat_xtreme_mutexes",
        "time": 0.0
      },
      {
        "name": "reads_password_database",
        "time": 0.0
      },
      {
        "name": "recon_fingerprint",
        "time": 0.001
      },
      {
        "name": "remcos_files",
        "time": 0.0
      },
      {
        "name": "remcos_mutexes",
        "time": 0.0
      },
      {
        "name": "remcos_regkeys",
        "time": 0.001
      },
      {
        "name": "rdptcp_key",
        "time": 0.0
      },
      {
        "name": "uses_rdp_clip",
        "time": 0.0
      },
      {
        "name": "uses_remote_desktop_session",
        "time": 0.0
      },
      {
        "name": "removes_networking_icon",
        "time": 0.0
      },
      {
        "name": "removes_pinned_programs",
        "time": 0.0
      },
      {
        "name": "removes_security_maintenance_icon",
        "time": 0.0
      },
      {
        "name": "removes_startmenu_defaults",
        "time": 0.0
      },
      {
        "name": "removes_username_startmenu",
        "time": 0.0
      },
      {
        "name": "spicyhotpot_behavior",
        "time": 0.0
      },
      {
        "name": "sniffer_winpcap",
        "time": 0.001
      },
      {
        "name": "spreading_autoruninf",
        "time": 0.0
      },
      {
        "name": "stealth_hidden_extension",
        "time": 0.0
      },
      {
        "name": "stealth_hiddenreg",
        "time": 0.0
      },
      {
        "name": "stealth_hide_notifications",
        "time": 0.0
      },
      {
        "name": "stealth_webhistory",
        "time": 0.0
      },
      {
        "name": "sysinternals_psexec",
        "time": 0.0
      },
      {
        "name": "sysinternals_tools",
        "time": 0.0
      },
      {
        "name": "language_check_registry",
        "time": 0.001
      },
      {
        "name": "tampers_etw",
        "time": 0.0
      },
      {
        "name": "lsa_tampering",
        "time": 0.0
      },
      {
        "name": "tampers_powershell_logging",
        "time": 0.0
      },
      {
        "name": "targeted_flame",
        "time": 0.001
      },
      {
        "name": "territorial_disputes_sigs",
        "time": 0.03
      },
      {
        "name": "trickbot_mutex",
        "time": 0.0
      },
      {
        "name": "fleercivet_mutex",
        "time": 0.0
      },
      {
        "name": "lokibot_mutexes",
        "time": 0.001
      },
      {
        "name": "ursnif_behavior",
        "time": 0.001
      },
      {
        "name": "uses_adfind",
        "time": 0.0
      },
      {
        "name": "uses_ms_protocol",
        "time": 0.0
      },
      {
        "name": "neshta_mutexes",
        "time": 0.0
      },
      {
        "name": "renamer_mutexes",
        "time": 0.0
      },
      {
        "name": "owa_web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_processes",
        "time": 0.0
      },
      {
        "name": "dotnet_csc_build",
        "time": 0.0
      },
      {
        "name": "mavinject_lolbin",
        "time": 0.0
      },
      {
        "name": "multiple_explorer_instances",
        "time": 0.0
      },
      {
        "name": "script_tool_executed",
        "time": 0.0
      },
      {
        "name": "suspicious_certutil_use",
        "time": 0.0
      },
      {
        "name": "suspicious_command_tools",
        "time": 0.0
      },
      {
        "name": "suspicious_mpcmdrun_use",
        "time": 0.0
      },
      {
        "name": "suspicious_ping_use",
        "time": 0.0
      },
      {
        "name": "uses_powershell_copyitem",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_appcmd",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_csvde_ldifde",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_cipher",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_clickonce",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_curl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_dsquery",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_esentutl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_finger",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_mode",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_ntdsutil",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_nltest",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_setx",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_xcopy",
        "time": 0.0
      },
      {
        "name": "wmic_command_suspicious",
        "time": 0.0
      },
      {
        "name": "scrcons_wmi_script_consumer",
        "time": 0.0
      },
      {
        "name": "allaple_mutexes",
        "time": 0.0
      }
    ],
    "reporting": [
      {
        "name": "BinGraph",
        "time": 0.0
      }
    ]
  },
  "target": {
    "category": "file",
    "file": {
      "name": "client.bin",
      "path": "/opt/CAPEv2/storage/binaries/9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8",
      "guest_paths": "",
      "size": 133120,
      "crc32": "1E8FEB2D",
      "md5": "906a949e34472f99ba683eff21907231",
      "sha1": "7c5a57af209597fa6c6bce7d1a8016b936d3b0b6",
      "sha256": "9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8",
      "sha512": "29fd20ae7f1b8bac831c0bb85da4325a62e10961989e14299f5f50776c8f7e669cc1527bf2c3868bd7230e73ac110ba8b1f0491ac0f2923d79d7a2871c7c961d",
      "rh_hash": null,
      "ssdeep": "3072:pzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HI0AkU:pLV6Bta6dtJmakIM5VU",
      "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
      "yara": [
        {
          "name": "DITEKSHEN_MALWARE_Win_Nanocore",
          "meta": {
            "description": "Detects NanoCore",
            "author": "ditekSHen",
            "id": "931b98f6-df2b-538b-bc49-ecbbd24334da",
            "date": "2020-11-06",
            "modified": "2024-11-01",
            "reference": "https://github.com/ditekshen/detection",
            "source_url": "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/malware.yar#L7654-L7681",
            "license_url": "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt",
            "logic_hash": "6336260e0af2b4b51338ee066f41b7c58aa134a6c03ca110db7e088edf2b65a7",
            "score": 75,
            "quality": 75,
            "tags": "FILE"
          },
          "strings": [
            "NanoCore Client",
            "NanoCore.ClientPlugin",
            "NanoCore.ClientPluginHost",
            "IClientApp",
            "IClientData",
            "IClientNetwork",
            "IClientAppHost",
            "IClientDataHost",
            "IClientLoggingHost",
            "IClientNetworkHost",
            "IClientUIHost",
            "IClientNameObjectCollection",
            "IClientReadOnlyNameObjectCollection",
            "ClientPlugin",
            "EndPoint",
            "IPAddress",
            "IPEndPoint",
            "get_ClientSettings",
            "get_Connected"
          ],
          "addresses": {
            "x1": 65285,
            "x2": 65869,
            "x3": 65933,
            "i1": 65858,
            "i2": 65891,
            "i3": 65903,
            "i4": 65918,
            "i5": 65959,
            "i6": 65975,
            "i7": 65994,
            "i8": 66013,
            "i9": 66027,
            "i10": 66055,
            "s1": 65878,
            "s2": 67146,
            "s3": 67155,
            "s4": 67165,
            "s6": 73875,
            "s7": 75319
          }
        },
        {
          "name": "Windows_Trojan_Nanocore_d8c4e3c5",
          "meta": {
            "author": "Elastic Security",
            "id": "d8c4e3c5-8bcc-43d2-9104-fa3774282da5",
            "fingerprint": "e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4",
            "creation_date": "2021-06-13",
            "last_modified": "2021-08-23",
            "threat_name": "Windows.Trojan.Nanocore",
            "reference_sample": "b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd",
            "severity": 100,
            "arch_context": "x86, arm64",
            "scan_context": "file, memory",
            "license": "Elastic License v2",
            "os": "windows"
          },
          "strings": [
            "NanoCore.ClientPluginHost",
            "NanoCore.ClientPlugin",
            "get_BuilderSettings",
            "ClientLoaderForm.resources",
            "PluginCommand",
            "IClientAppHost",
            "GetBlockHash",
            "AddHostEntry",
            "LogClientException",
            "PipeExists",
            "IClientLoggingHost"
          ],
          "addresses": {
            "a1": 65933,
            "a2": 65869,
            "b1": 73894,
            "b2": 65449,
            "b3": 71622,
            "b4": 65918,
            "b5": 108030,
            "b6": 75518,
            "b7": 91121,
            "b8": 75371,
            "b9": 65975
          }
        },
        {
          "name": "Nanocore",
          "meta": {
            "description": "detect Nanocore in memory",
            "author": "JPCERT/CC Incident Response Group",
            "rule_usage": "memory scan",
            "reference": "internal research"
          },
          "strings": [
            "NanoCore Client",
            "PluginCommand",
            "CommandType"
          ],
          "addresses": {
            "v1": 65285,
            "v2": 71622,
            "v3": 71598
          }
        },
        {
          "name": "Nanocore_RAT_Gen_2",
          "meta": {
            "description": "Detects the Nanocore RAT",
            "author": "Florian Roth",
            "score": 100,
            "reference": "https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/",
            "date": "2016-04-22",
            "hash1": "755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050"
          },
          "strings": [
            "NanoCore.ClientPluginHost",
            "IClientNetworkHost",
            "#=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe"
          ],
          "addresses": {
            "x1": 65933,
            "x2": 65994,
            "x3": 81149
          }
        },
        {
          "name": "NanoCore",
          "meta": {
            "author": " Kevin Breen <kevin@techanarchy.net>",
            "date": "2014/04",
            "ref": "http://malwareconfig.com/stats/NanoCore",
            "maltype": "Remote Access Trojan",
            "filetype": "exe"
          },
          "strings": [
            "NanoCore",
            "ClientPlugin",
            "ProjectData",
            "DESCrypto",
            "KeepAlive",
            "LogClientMessage",
            "get_Connected",
            "#=q"
          ],
          "addresses": {
            "a": 65933,
            "b": 65942,
            "c": 65659,
            "d": 68226,
            "e": 99406,
            "g": 91196,
            "i": 75319,
            "j": 108466
          }
        },
        {
          "name": "NETexecutableMicrosoft",
          "meta": {
            "author": "malware-lu"
          },
          "strings": [
            "{ 00 00 00 00 00 00 00 00 5F 43 6F 72 45 78 65 4D 61 69 6E 00 6D 73 63 6F 72 65 65 2E 64 6C 6C 00 00 00 00 00 FF 25 }"
          ],
          "addresses": {
            "a0": 117102
          }
        },
        {
          "name": "IsPE32",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsNET_EXE",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsWindowsGUI",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "Microsoft_Visual_Studio_NET",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "a": 117138
          }
        },
        {
          "name": "Microsoft_Visual_C_v70_Basic_NET_additional",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "a": 117138
          }
        },
        {
          "name": "Microsoft_Visual_C_Basic_NET",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "b": 117138
          }
        },
        {
          "name": "Microsoft_Visual_Studio_NET_additional",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "a": 117138
          }
        },
        {
          "name": "Microsoft_Visual_C_v70_Basic_NET",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "b": 117138
          }
        },
        {
          "name": "NET_executable_",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "a": 117138
          }
        },
        {
          "name": "NET_executable",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "b": 117138
          }
        }
      ],
      "cape_yara": [
        {
          "name": "NanoCore",
          "meta": {
            "author": " Kevin Breen <kevin@techanarchy.net>",
            "ref": "http://malwareconfig.com/stats/NanoCore",
            "maltype": "Remote Access Trojan",
            "filetype": "exe",
            "cape_type": "NanoCore Payload"
          },
          "strings": [
            "NanoCore",
            "ClientPlugin",
            "ProjectData",
            "DESCrypto",
            "KeepAlive",
            "LogClientMessage",
            "get_Connected",
            "#=q"
          ],
          "addresses": {
            "a": 65933,
            "b": 65942,
            "c": 65659,
            "d": 68226,
            "e": 99406,
            "g": 91196,
            "i": 75319,
            "j": 108466
          }
        }
      ],
      "clamav": [],
      "tlsh": "T16BD3191727ED5D6EE1BE457933330282C338CAD29983E3DE24D865669B392D326072D7",
      "sha3_384": "2ff6be01f9d8f7ca76ab7415c6a6c75596be6018eb38b1988e35287121007e681ff3768cc7ab0a94325bb6825fab8914",
      "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
      "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "pe": {
        "guest_signers": {
          "aux_sha1": null,
          "aux_timestamp": null,
          "aux_valid": false,
          "aux_error": true,
          "aux_error_desc": "No signature found.",
          "aux_signers": []
        },
        "digital_signers": [],
        "imagebase": "0x00400000",
        "entrypoint": "0x0001e792",
        "ep_bytes": "ff250020400000000000000000000000",
        "peid_signatures": null,
        "reported_checksum": "0x00000000",
        "actual_checksum": "0x000277ee",
        "osversion": "4.0",
        "machine_type": "IMAGE_FILE_MACHINE_I386",
        "pdbpath": null,
        "imports": {
          "mscoree": {
            "dll": "mscoree.dll",
            "imports": [
              {
                "address": "0x402000",
                "name": "_CorExeMain"
              }
            ]
          }
        },
        "exported_dll_name": null,
        "exports": [],
        "dirents": [
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
            "virtual_address": "0x0001e738",
            "size": "0x00000057"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
            "virtual_address": "0x00022000",
            "size": "0x00003ac4"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
            "virtual_address": "0x00020000",
            "size": "0x0000000c"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_TLS",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IAT",
            "virtual_address": "0x00002000",
            "size": "0x00000008"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
            "virtual_address": "0x00002008",
            "size": "0x00000048"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          }
        ],
        "sections": [
          {
            "name": ".text",
            "raw_address": "0x00000200",
            "virtual_address": "0x00002000",
            "virtual_size": "0x0001c798",
            "size_of_data": "0x0001c800",
            "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x60000020",
            "entropy": "6.60"
          },
          {
            "name": ".reloc",
            "raw_address": "0x0001ca00",
            "virtual_address": "0x00020000",
            "virtual_size": "0x0000000c",
            "size_of_data": "0x00000200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x42000040",
            "entropy": "0.10"
          },
          {
            "name": ".rsrc",
            "raw_address": "0x0001cc00",
            "virtual_address": "0x00022000",
            "virtual_size": "0x00003ac4",
            "size_of_data": "0x00003c00",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x40000040",
            "entropy": "4.21"
          }
        ],
        "overlay": null,
        "resources": [
          {
            "name": "RT_ICON",
            "offset": "0x00022250",
            "size": "0x000002e8",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "1.71"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00022538",
            "size": "0x00000128",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "2.08"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00022660",
            "size": "0x000008a8",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "1.72"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00022f08",
            "size": "0x00000568",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "1.05"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00023470",
            "size": "0x00000353",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "4.05"
          },
          {
            "name": "RT_ICON",
            "offset": "0x000237c4",
            "size": "0x000010a8",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "2.72"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0002486c",
            "size": "0x00000468",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "2.76"
          },
          {
            "name": "RT_GROUP_ICON",
            "offset": "0x00024cd4",
            "size": "0x00000068",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "2.69"
          },
          {
            "name": "RT_VERSION",
            "offset": "0x00024d3c",
            "size": "0x00000264",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "3.27"
          },
          {
            "name": "RT_MANIFEST",
            "offset": "0x00024fa0",
            "size": "0x00000b22",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "5.04"
          }
        ],
        "versioninfo": [
          {
            "name": "Translation",
            "value": "0x0000 0x04b0"
          },
          {
            "name": "FileDescription",
            "value": " "
          },
          {
            "name": "FileVersion",
            "value": "1.2.2.0"
          },
          {
            "name": "InternalName",
            "value": "NanoCore Client.exe"
          },
          {
            "name": "LegalCopyright",
            "value": " "
          },
          {
            "name": "OriginalFilename",
            "value": "NanoCore Client.exe"
          },
          {
            "name": "ProductVersion",
            "value": "1.2.2.0"
          },
          {
            "name": "Assembly Version",
            "value": "1.2.2.0"
          }
        ],
        "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
        "timestamp": "2015-02-22 00:49:37",
        "icon": "iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAY0lEQVR4nO3XIQ6AMBBE0YH0eGuAcwKmZ1sLCkHRZUj4o9qaeVmzqfT3DJl5OAGjs1ySynWIiFeLa62SPjABAABK+7Cte9fCeZlud/sEAAAAAAAAADvgsY7bddk79gnwMSH2nLDUDvNx5OJLAAAAAElFTkSuQmCC",
        "icon_hash": "f66c7c86e9ab59ef3f289acd613a3738",
        "icon_fuzzy": "c3ca946d749a15ad18efd3e5d7b0d8f5",
        "icon_dhash": "454545d4d4d44503",
        "imported_dll_count": 1
      },
      "data": null,
      "strings": [
        "#=qoTNlk$Wngv$bqPRyj4mJig==",
        "Environment",
        "#=qKraENZVscKMtH4GMIJjzqA==",
        "_Lambda$__2",
        "ReadInt16",
        "NtSetInformationProcess",
        "            requestedExecutionLevel node with one of the following.",
        "RebuildHostCache",
        "EndPoint",
        "Random",
        "#=qbwvWShVSL8DgrXXfPQ9kNmpf6pmcj6q57bPfcsBp938=",
        "WriteAllText",
        "AddressFamily",
        "#=qZ8pysPk74rQ5GX0s5CkOJQ==",
        "Int32",
        "#=qYpD2x2QTNARNJcnXxG0OjQ==",
        "#=qeMVJwq86lZc4hsNJNMQJVYiQqG94mfqhBGc9gH9UUgM=",
        "#=qB4sApeDyjGxBivHLwR3FTJejGBlbih3hr3f3TS7BFbY=",
        "System.Text",
        "#=qmcl1D6lgUOLuKGFFyxMamg==",
        "  </trustInfo>",
        "FileCommand",
        "#=qN9Enun6Rlq30xNdBjhzY0A==",
        "#=qJT4I5hOweIk$xYFEeDszbikglXCuquUd$v9AXtyq2ns=",
        "#=q4X5fhkJm5XS4LlpLIyB6bA==",
        "VarFileInfo",
        "add_Completed",
        "Uninstall",
        "#=qq_SehjaC_F9U66vu1NLqjA==",
        "#=qL6PdpQwMNSdyVKw3FgboNw==",
        "#=qPfVuk6552RtecCgHDnGSkA==",
        "#=qkcVkJskuGA4o7kGuN79i1w==",
        "#=q$6NbEg0Hb4neXdXPgEgHJA==",
        "#=qd8WIZO8f6IRqdUmvxawj1w==",
        "#=qGxD085Z3RQaUY4iGwWH$xgEmRYVWDAN6hxNjaXokfVc=",
        "#=qyM$eq2QFDjIwNzxtrtw3WE5gHFsUOsREqnRunYWzTvs=",
        "ReadAllBytes",
        "FileStream",
        "MemberInfo",
        "get_Width",
        "#=qCJD3QzeNpOG7t7hUNPqgxgwPhMjv4aui2ikN049iz28=",
        "ProductVersion",
        "#=qzRcQ_b8FoTlpKT_BObsgBl2bj71wU5HcYdpIIgiTJ5c=",
        "        <requestedExecutionLevel  level=\"requireAdministrator\" uiAccess=\"false\" />",
        "#=q$njopRrPblqe$yrs$rsu5Q==",
        "SpecialFolder",
        "#=q5QHPwKvqpNRA$cKFBj8i9w==",
        "#=q$YUIMaEFO5IFZXBvo0kclw==",
        "DebuggerDisplayAttribute",
        "#=q$yU7aYEYOl8Nz4sJLGQQ6w==",
        "#=qh42qYul4hj$aa5mluadvLA==",
        "IClientLoggingHost",
        "System.Security.Principal",
        "UnhandledExceptionEventHandler",
        "#=qaWedjkiL7CWj9EfMXrEg6Q==",
        "Socket",
        "#=q6tJHosKuF0IY3gGxjaveNw==",
        "#=q$P4U7B6$qbq6QJ_QX8MfyNoxYRq3foNT$OZzr5yEqDQ=",
        "#=qK$702nkzQ4rQ0lJLQZ2zaw==",
        "#=qAfx0INrfgWoPN$Cz4VEZYVFcKNxFeYaixc4CaQpU$0g=",
        "#=q5C_es0qgtlVCNxzfPQ_idg==",
        "DeflateStream",
        "IClientApp",
        "8.0.0.0",
        "#=qnonybcfG2jzQ4kHK5lGw3g==",
        "#=qJtsKc7ccoU8jRrRMGJWqhA==",
        "#=qRvcNy1bY28C6xYdCX8MF7w==",
        "#=qFm7s8q151MPpLODhzLizPw==",
        "Translation",
        "mscorlib",
        "#=qMMPHzLKw8_cOGV193acukw==",
        "NewGuid",
        "      </requestedPrivileges>",
        "get_Buffer",
        "ToLower",
        "#=qnB6QgyVNIUL$Uq0GD3p5d7LpaFZvHrB3jSqhv3o7qlE=",
        "#=qJZLeQthAfpiCw0QvZb7htA==",
        "#=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe",
        "#=qRxyF5FV01AHvUkR3BeX8OA==",
        "feffefefea",
        "Sleep",
        "#=q6jLYuOOmC$a9_UySsUlsFA==",
        "GetString",
        "#=qfkwtPDg_wfxGVFOXd$WnCA==",
        "#=qQR2R27CtTwLSuNC54_JY1g==",
        "_Lambda$__10",
        "#=qFlz$$vhlrnZb7YOji0eF_QZBzkOajT0w3UoQbgnXVIA=",
        "Decimal",
        "Microsoft.VisualBasic.Devices",
        "#=qikBX_CmS$ZzVAuq$nQJBDwmLm5Gee1iPlPuvI188Ejo=",
        "#=q12n1704BGxiT9AoOoTNqog==",
        "Resize",
        "#=qtxvtUAtG5kwD1CbaXqZpxrHWaxR5CiRO2OiaCLfsbSk=",
        "#=qBpzegr6XzkmtwALf7kKPHV3RZVAWYLbYE79PiG2zXYs=",
        "      Windows will automatically select the most compatible environment.-->",
        "#=qfsxP7vyadqL93mAkiQXr1tsUC0B$7Gp0ZNAPpjNxIG0=",
        "#=qN9oos_gePS4akhGX5rjcOjS2FNZJlTAkUnO0Ykgu7Rk=",
        "#=qQyvT61RAfdEUvn1jBvcx0Q==",
        "get_AddressList",
        "EntryExists",
        "#=qoGHQsKlZ7jK$YeTeBpzDNYYM4Z1FIrOpXaDV$VTAdfM=",
        "Process",
        "#=qHamFicykpD9fQKnU2wtqJw==",
        "#=qWaMf_MISHPEu34of2Bm5$ay6Z6PuaGN7w1jlKYjzwdE=",
        "#=qlV3FbiF00r5Vrp5nqoncyxDHZMuHB7yuJa7xS77K3BQ=",
        "    <application>",
        "#=qvPYkN4Wli543LScsy6rh$bZ0bDIN0tYd5zlNUibOEKfBRc13v6NIDRtsxPOZzKpX",
        "#=qE8a8ikTp6zyXXyhNYzK8Wg==",
        "#=qScWgGHvDwJ0da_7qXoO28aGE1ea7zp5$XjEJLTXkuHQ=",
        "SocketException",
        "ResolveEventHandler",
        "System",
        "#=qKxYY$jYG8_7mT_7R0n5jfw==",
        "#=q5s6lzZCgRNNe2Z9HZfa94HOHkpUfSnAwZsGo$hzh7hY=",
        "get_ExceptionObject",
        "ReceiveAsync",
        "#=qksh921Ur22JKhSIAXESSag==",
        "#=qwK7$pNtMfqKNZt8gGYd$pw==",
        "#=qEoM$dAPD9j9L1YOZU2B97iwm0vZOJe13LDB3GayWQEo=",
        "#=qZ79zrlLw6T9kJCHt$e306HkmYpQl8J1ugf3bmy8tycE=",
        "#=qKoyC_0Y6bPLCPvDcJr2y5A==",
        "set_Verb",
        "FromBinary",
        "#=qwSPuuWVW8tz$gDazhda2d$myXXX0Ro_wRP7Rmm8JiiT9wA1EeeaPUV2jnUkQOCHa",
        "#=qiIt1yNcUYn9ksB4loCZmUQ==",
        "GetUnderlyingType",
        "-$& ,'",
        "-p&~C",
        ",@&(\\",
        "LegalCopyright",
        "#=qwdHHpd7UWv1_2lcOeunA18XKUsrG9D8S$xli$tkAMlI=",
        "#=qp7rlpRCprgGh7RCnHteaLw==",
        "#=qU1g6m1CiJ5yzLECox1hBrw==",
        "#=qkrqC_kLD0I$zOgfqD$aGaA==",
        "ToInteger",
        "#=qaCmGqb7phy5lq$DAzhK3vB71XCZSvhKm3BtGKq_xBto=",
        "CompilerGeneratedAttribute",
        "#=qXfm3QhQkyfcZgbFdAZgHHmadm7n1N0mfKcKBqrdfAk4=",
        "</asmv1:assembly>",
        "#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=",
        "#=qzB1OZ89gRpxcPckUn_afNY2d0beSpEyl40_4IarIxzM=",
        "RijndaelManaged",
        "#=qgSHqO_KLHRARFg70SGn_Mw==",
        "0D2T)",
        "#=qDx8yS5wU6EQSawGC841xnw==",
        "SetValue",
        "#=qJe4Aop6J2k_bK0f$hS3ZOQ==",
        "LingerOption",
        "WindowsIdentity",
        "#=q4KMIX0AcXAdYuUiSKvyy9Q==",
        "DeleteValue",
        "#=qbOmsEb0zGpdZukI0D4Idug==",
        "#=q23tIFHA2cbwzlg6YDYhwLkXCJGgIhllZCGmc4pRC8rI=",
        "#=q1uJdtbJoEKhZjOld7SeHjw==",
        "#=q4N2IYJkFi2VWiCVDKVND$8gixU$DXUcX8F2LiLBxLHw=",
        "#=qzjMBSDJWeEdkUWCBxYatrQ==",
        "#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=",
        "#=qb$tFKVReqZMI9M678cKWGdlE1UJqJBfHAfOfQhXuW5c=",
        "v2.0.50727",
        "BlockCopy",
        "#Strings",
        "afeffeefeffe",
        "System.Collections.Generic",
        "#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=",
        "#=q2dXdGRU_h62YVIUhgXBQJzEnralpXNvp017RQs19jjo=",
        "Replace",
        "#=q$XurN5kwCvUuDGDncP4myluEGVmoB5AfvTb_Ct0PT5c=",
        "#=qWcYPgOJASLG6mRBDPhOIZERKO3Eig2IiEWCrUa$w_Mw=",
        "set_Item",
        "#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=",
        "#=qTfMnD_jfiITiB95ES2nWdLlDTdGOSDVgXEnjKNGkWcM=",
        "#=qxb6WVOMh6wjcZFY_Q0MJOQ==",
        "EndOfStreamException",
        "ToBinary",
        "#=qUWYBucdXrqr2Ksc_3qKZcA==",
        "#=q97ilq24aAenhk$hG8MzEMQ==",
        "BuildingHostCache",
        "DirectoryInfo",
        "#=q8r1xTCj7grAlhMxU0cmrbA==",
        "value__",
        "#=qFv$qWif57TCUNsu_O3F3gA==",
        "#=qSYke1CBEgOP5WhDQ2wCOhA==",
        "SuppressIldasmAttribute",
        "CommandType",
        "#=qTSoRMaNGYiiBNK9Yfq59T$2z3sNScYh9uxoeWlhnD_A=",
        "get_Hash",
        "UIntPtr",
        "#=qJY6uBmA7bjB3pfI3CAMZ7w==",
        "GetFrame",
        "#=q8Lz$o21atQxw0qUwF07ufqfk8jjJrspNc$L9E2y_kjQA$2GQzuj5BmjDMXRcd0oL",
        "#=qkcPDXy2$GrSLn1ykhNxS$A==",
        "#=qLJcloNvItceT7R54Ssv5HVCoj0j2JUUq_dQXQpFZZjM=",
        "#=qafzQcMCK0eVSctI0IcD2PA==",
        "#=q5W7RemVArrFCeEyFuvU4Hg==",
        "MoveNext",
        "UInt32",
        "#=qV4bSY95FY8CPz8U7EzzkRg==",
        "#=qUaHlQloQ1heHsricyshXiA==",
        "#=qYVgYkiAmhdTmisXUMVHYlJUHzcBdggj3Sn3nLI_MDJ4=",
        "#=qulZN_JfMbEqc2jFbEooALI6mh8tLy9$3NFedHEXAIAw=",
        "      <!--<supportedOS Id=\"{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}\"></supportedOS>-->",
        "Assembly",
        "#=qUbRtqAPcSxRMI51YgNXGZ9omJvV5BvuqBNocgi7xl6Q=",
        "#=qrIbbxniIme2qLTdRw6i0wDoZFMH5BWs03iMeSnjojQU=",
        "System.Reflection",
        "#=qAoRzrFi9HiHjyPL0ixkVXA==",
        "#=q0QKFCbf0u_IpV5ISOWOl$Q==",
        "#=qr5qpvOPnLxLp6aGkfAM7wQ==",
        "WriteBlockData",
        "#=qIZP8IX60gSYF82kuZejmg8pOoXfEBczapTTwgrWM$fM=",
        "#=qrjPq4iPb$PLckcObsgRE1Q==",
        "#=qH7CAcg5aycQv61Wo62XDpw==",
        "DebuggerStepThroughAttribute",
        "#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=",
        "#=qJrzYsTPKAwT$ubz_aq99mw==",
        "Int64",
        "#=qtBt$1AtaHrrce6fc6LOT3axuBNxZ$SQPty78qYGi1os=",
        "#=qfjs2lYYPRWKuXjeHrc8Rtg==",
        "#=qbUu2Y2P9FL2iRkWyb62gww==",
        "GetCustomAttributes",
        "#=qul8YRvQj1pWpo4_UxgOSzOBvtncEE$VPCzTeLK_rIz4EnXxineVkwF$lTxruKPxr",
        "IntPtr",
        "#=q91nKS7P$i0qKCqvUAPW9EQ==",
        "#=qos7yzAcb5jR$ypc0Qk3OWQ==",
        "#=qw9FR63zXVj$omVnwg0u37A==",
        "ReadUInt64",
        "#=q$Rh_ulnlhN$9Zn9n4fKAsvWT9cisaHT_PgvcGANnd6o=",
        "&&*}#",
        "#=qiCTCgJQkyH_Kzq$FT43G4Q==",
        "#=qCeJ_QwVb__fbuEImkTXwSg==",
        "#=qURIxMOG0HImwEP4A6zEiPg==",
        "#=qxQTn_t1ZFKKNm77mQ5vH9cInicm2Cv9jGtv9vmIpksI=",
        "#=qQLqXliLS$ujl108DGV7$zv9jo8WyYr7oxBJvAgzllyk=",
        "GetExecutingAssembly",
        "#=qqIzVXHiNuUY4ZNiSxkqEGQ==",
        "GetTempFileName",
        "_Lambda$__5",
        "#=qEnv9WsExz6baZJKRUDupw9eEQbgJVjj69NjcsJ7hrBk=",
        "<asmv1:assembly manifestVersion=\"1.0\" xmlns=\"urn:schemas-microsoft-com:asm.v1\" xmlns:asmv1=\"urn:schemas-microsoft-com:asm.v1\" xmlns:asmv2=\"urn:schemas-microsoft-com:asm.v2\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">",
        "#=q6pErmyx6x4$YkotXXEXGCt_ysi5JdNm1fpNgnUvZ9LE6EtA8E0TapqXrPnqyBO1x",
        "#=qr6ouJTA2RwDm_3Z$eUP6TCvbpSA$yAFGnut7D4kG2$I=",
        "#=qjM89gxwDLZ9izFxrYPCtcA==",
        "EditorBrowsableAttribute",
        "#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq",
        "get_Offset",
        "#=qyxpfolLUhMvFTDE2h_syvQ==",
        "#=qAp_zHqT7acjq$QNiBoq2EA==",
        "#=q0msvLo3fKjQ5ucIFxkdur24Cc0tFDGimgcqgtAeKZq8=",
        "#=q2nHH3haw3R0VWVw4qHOwKw==",
        "ConnectionStateChanged",
        "#=qRxKU0X3UfYwXoOTtDpEVW6z4XRgE1s4V5zOQsfCCSqM=",
        "RegistryKey",
        "#=qwogjI4gN1imp1VeWLroXTk41PgYeLQ34zunh6NYu_3g=",
        "MyTemplate",
        "#=qm5VvJvLZD$UcnjvypC5XcA==",
        "#=qtWaDSiZ3KDHpQtSfxDZV0w==",
        "#=qbpvfREN3OwaXBj6J3WBAim$AQyJ99fz1ef01qn6kVrs=",
        "#=qTEC8gcgkt672qW159Oe_Iw==",
        "StartsWith",
        "Rectangle",
        "#=qwNkTTorgPauZQTT6jiqLIA==",
        "System.IO",
        "get_ExecutablePath",
        "#=q$c3lXLbhl3Qzil6Z9hYEopCTRdsG8WE_1ZuhF2KQELQ=",
        "#=qm_Podb$DJ6CfxMwMnaj6heXfc210URbSx7p$rJGFPmA=",
        "    </application>",
        "GetFiles",
        "#=qay$wDBdxvh$MBWrC9YMhC_f55kIvkv7I_BjPu_7Ajsw=",
        "#=q8NzetUGGc1cM4ZGyRGGlug$fKAOwmcPqe4nFzDGKLk0=",
        "ReadInt32",
        "Remove",
        "#=qTAs57ZkYafcLC2FZLCGAiQ==",
        "get_DeclaringType",
        "ExceptionData",
        "Format",
        "#=qvX$J24rI0eJ0gWfA6CEdzVJN7bQN_YTuS98N0yyMYPo=",
        "#=qLKYxZZVHP8wT4ocBxnjPXg==",
        "#=qTLmFjOt1Rq5$fqQEFVZ2zg==",
        "#=q3S7bY847GmpPliI1m7tZaAVifJNdeHclZJyeY2JTxN8=",
        "ArgumentException",
        "#=qWQUgmvsTzj15wSjWQHZnng==",
        "AssemblyCompanyAttribute",
        "#=qfvzoVBS4j9KdxyngOlL_NauqVYLAaOZVw9dutKQSAp4=",
        "_Lambda$__4",
        "#=qO7YVPb8fjfyGw81pHcJjnw==",
        "GetPublicKeyToken",
        "#=q1A7nXYgjUuxh_0aV4fZMB87On7HuSdbeS8x$mfXfW2c=",
        "#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=",
        "CreateEncryptor",
        "#=q5OunwTi_tYTGCTkAtZ8rARxlhmXbFcAf_e1GiEt$FEA=",
        "#=qhWn12I_bGxHfrIrnto3QAA==",
        "IClientAppHost",
        "#=qWgd5i$rED0nEbfExDCteKBL09U6dKm2BW1AXqZVXCWk=",
        "#=qjlBNihUiUO2oBJbOEbdB4u8xmfTL9EQ3AEFa$nrdzJY=",
        "#=qoTGj8$mBoje$u1RSJ6obYA==",
        "ReadPacket",
        "-#&~7",
        "Int16",
        "WaitCallback",
        "#=qlIUFl2SBYSRov3A1WGimWQ==",
        "#=qVEEdpD96A48uRzPJT7G_w60gIZo4tH1_e21GoRWPFm8=",
        "#=qChPTKc$8xcHrcle7anHYNe0wH_TweGkex2nGe9n8WDs=",
        "#=q8uMGC19QD5WGzpkzUOu0SQ==",
        "Disconnect",
        "PluginCommand",
        "AssemblyTitleAttribute",
        "#=qXO4A8$YrN_OoPhFOn$Hhtg==",
        "Dictionary`2",
        "#=qLSPQZXlXixhGX8Gd10$ph8j0p3_XdW2xwrfqz3nO7MY=",
        "#=qDJlWEiuGwuVXAz8yc8z7OaMssRYN4hP9AHespNOmdYHus6_1XkNOC0rqgHeRZksg",
        "#=qhwyNa_lhtuoyuJK5j3BcF4xu5fY5XhFlgzkM1Cgy6IA=",
        "Dispose",
        "B.rsrc",
        "TimerCallback",
        "#=qzRf5_jFnPo03SqY9Fq$uTg==",
        "Queue`1",
        "Shutdown",
        "#=qhiSO75CpxncaWptyc0vAMQ==",
        "#=qrPQtMswclvOlK1AxL1S4K8M$owLGUpQfjJA8CWW$fj1az7m8LFibY8IeMxHKi4wi",
        "ProcessWindowStyle",
        "&&*}b",
        "  </dependency>-->",
        "#=qFZ8xm69Cd0C55Ip2ORf7Ng==",
        "-b&(?",
        "#=quFACL_$e$cUEIexpzPXS7w==",
        "#=qedcCJsW_6aMZb5lO3tR01A==",
        "#=qraB64nHTnRXCE4d7ffs5aGExarxpEh0COAPaEFI5iV8=",
        "get_CurrentDirectory",
        "#=q5XjI6hZlPIrXq2h2btB_pVJgDh_o3RXkWrFCxLCG1E0=",
        "#=q_$JrmDHg2uq9s8cQVRi8Jw==",
        "ReadBytes",
        "#=qJqkjp9g96yoxpNS2E$BC00FKleto7dZfN9N5mtLDF4g=",
        "#=qszlIp3ITaFi0VCgRIaErNg==",
        "GetBinaryForm",
        "Yaa*&+",
        "get_Y",
        "#=q7rZvZ5LmWDFo52hBeGb87g==",
        "#=q3LvM$oW1poDdLKDT_N_s4w==",
        "ToCharArray",
        "RegCloseKey",
        "#=quOBOxPeAl_kjKKx$REI6dA==",
        "#=q_NLac$XJ5lIxZMpXsr_nBw==",
        "#=qOplsUBML8x2xteEBilOycw==",
        "#=q8Bp27fhtrXMmonNxf$9qLbuQQehIBQTdOPDQw07FUyI=",
        "#=qFMsFc_zvkhu_B2YTPJt9Yux7Vq8aZNOr3FA$mEdAzCc=",
        "#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct",
        "get_InnerException",
        "#=qgCcrNFC0iLB8hKTy5iNnsw==",
        "Marshal",
        "#=q3cm0QwDyNYr2y$xvkCk9bGbohRfuMuxkahGwLy466GA=",
        "#=qyzEuYsQ6u9hwZeR0HeWqvA==",
        "#=qf3c4WtE$$thN5QyBMvo3u0lth2VF5hmfUsIv1r8yRkg=",
        "#=qcDgE7pmQv6niirKxFRMj7Q==",
        "SetKernelObjectSecurity",
        "  <!-- <dependency>",
        "WindowsBuiltInRole",
        "#=q4d$NdpGCMcL3TaMlT9EW69FacIvNnqDPMFNisgGhmsY=",
        "GetKernelObjectSecurity",
        "ValidateBlock",
        "#=qRbDxNN_CBpjdn11hjtWoZg==",
        "#=qe9p_PgOCiouYWahOSDKth00dr9CdsTb1R3DYgCeLUBw=",
        "#=qsYpthruwyrknxFdWaNp9Vw==",
        "CreateDecryptor",
        "Conversions",
        "ReadDouble",
        "#=qdzx0nDkNduYsJ$MOZBFb6jelzyvbyiG7So1vqpZnVLU=",
        "-'&~C",
        "#=qCN8q7dxuBuds3rgIjZ1oLA==",
        "#=qBcRYABJptno3$fpXoMXAvg==",
        "#=qArVl3RpI3eEiVf0qXoqrWw==",
        "#=qk77uxMCXAcR_2KMKgZiSng==",
        "#=qd7oUKLFPI9nt8Ln7RU53xA==",
        "CheckForSyncLockOnValueType",
        "#=qCKX0qzAtjLAL9KBPrJWkOA==",
        "#=qXzNbY0aXEU2Rr2_Jbe87og==",
        "ThreadExceptionEventArgs",
        "get_InvokeRequired",
        "#=qu1CivWngdicjZHEJYKM3dA==",
        "#=qqLLpPwpASXA1wqOuY2RNlU8CTc57bQGBfHWaLDgrCKM=",
        "AssemblyFileVersionAttribute",
        "System.Threading",
        "set_CreateNoWindow",
        "#=q9rN$wEdl9rzJbAMMIiemCg==",
        "#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK",
        "GetBlockHash",
        "#=qdy_NHDvN7XTcQtWWMYxYKbuJqtXHsYJXM_YUEvVR0bc=",
        "#=qyZOtLxFf9zA2x1ff4_5cOg==",
        "Write",
        "#=qxUvHfLZKZiUmPXUqPV8Vcw==",
        "#=qsAejPkl5V6B3npq6homyUA==",
        "Microsoft.VisualBasic",
        "AppDomain",
        "#=q$bBbU_xpGfMMkAvp45SBRg==",
        "#=qZiHVbt3FXowK6_NIyOxsOw==",
        "#=qsA8D04owIGYHILF6yPa43A==",
        "#=qtT$P2Bo4VHFu60OU4VLf1H20c7M2DlURuyfb_XJDYaM=",
        "#=qstAyOBsDsJqFRKDvXIn01A==",
        "#=qWljP9Wu9miiHAG26c_L7NQ==",
        "#=qGqLDylJy8NmMEbMDJmKtoQ==",
        "#=qvLrEXVjSw17e3P6GFPALhrZXcKcfxuk0NupQhKFf0VM=",
        "#=qFlM8LWSzwV9qMKMd32mVdQ==",
        "QueryDosDevice",
        "AppendLine",
        "#=qkWUjAoA_6r2E7qo6NAGuIBq3iKikqBJbioTC25CcZQY=",
        "#=q2wxuRKC7TyzyevfrmeuJ$w==",
        "#=qZFVU$VkNPSWYii2AVQe6c6mwAUd10Tgqkl1$K5gZz9Y=",
        "#=q63A3zH9hQ$3c53x2wqU0Qg==",
        "#=qEqBb19ZxrWpMC8pwAc1v$Q==",
        "Hashtable",
        "#=qFYv4oSsEFno3Ujev9_o4Hg==",
        "            compatibility then delete the requestedExecutionLevel node.",
        "#=q6Xi08r0$lOOnXtoBHhfMuQ==",
        "#=qfOXLv$ej4ffVoa9QN8Vke8O9DCKhSHEsi_sqFk8Qf0o=",
        "get_Day",
        "AceFlags",
        "MessageBox",
        "ToUpper",
        "#=qVXB_y3eN_sp1$Md9UoJeYQ==",
        "System.Drawing",
        "#=q6uR3lWd6_aD2reKUDlx$OA==",
        "#=qEIPcndOLrV2GJmno7zKtBA==",
        "Details",
        "ExceptionHash",
        "#=q8T1neNU8Flp1WaNsBKnRHQ==",
        "#=qfPf03rjJVGFkLtYSr7zDRw==",
        "#=qUUt$Zm9DEy7746wMpw0nOgKcClljRPRKWyhQ21GyaOQ=",
        "#=q2X26s_rFZ25AY$hOcf_6zA==",
        "StringComparison",
        "#=q9heLrZy3cpWSk7do8VVthg==",
        "#=q8McCIarwH$XScVz0xkTmJw==",
        "Combine",
        "#=qBhG6LJNfmJspOR5A5YrkZB3a_dWOpJYSj4Mo9vfL8qo=",
        "Create__Instance__",
        "-'&oN",
        "#=qDOdV5duF980CDFSFl8oQpw==",
        "ReadString",
        "Client",
        "Object",
        "#=qe5qrWacQXGv9g0P5D_mRuQ==",
        "#=qluYNp43cwlAh9yLdLZolDw==",
        "#=q6Aboe3ONIkez7GgqcdWPi0_vrT_i53_89HUeagGM6MThXvFkvl8hpSeHO1UJawKN",
        "get_Message",
        "fefefeffea",
        "#=qe0mY$R_rBsPIZZv3hPLS4g==",
        "-O&~r",
        "#=qKYm_FHWoJ42y$VrakLgWfw==",
        "FindResourceEx",
        "Concat",
        "SocketError",
        "get_Unicode",
        "#=q2gthvB62n07fYVTx5fwIqxBAo1t_hs$il9Ac$4FY_Gw=",
        "GetInterfaces",
        "#=qYMGXxffne_DlG2tyCliUw119RPUt2rJt6SWle_TPkBA=",
        "#=qCgskv3QU4cEy8M7hqvNNBbFyow$DvbmSQrN8A5JJJWs=",
        "#=qgB3pFGrOVxm7f$sXZD67nQ==",
        "#=qQRAhbbFlVBfqrgso8zehPg==",
        "#=q3_xjz98EYRXgLslROl8imQ==",
        "#=qmuy0ee0GJl13ksvWRbOSbofOCTPf0dv0HYdjJq9H_Es=",
        "OperatingSystem",
        "#=qnY1InNbQmfgiJXdGVH6rvQ==",
        "#=qYI$MiBdzcplbf7GqrUf7Ig==",
        "fefefeffe(",
        "#=qyEH54IW$f9fUJb7FOR8r3vj6e$onLGrpm2VGycjbl9TZJEqkwtA4y4bL9ExOWpiA",
        "#=qMWVV4JCreo65oWvwYJqZWobqlgJkr$K2AUIqF$weF5s=",
        "MethodBase",
        "#=qw39MYiiaN1XJbqsDq$LgQw==",
        "-\\&~]",
        "#=qg9gWuHgvaa6cHg9wj9NSQQ==",
        "#=qr9m9EjuYAP$2E3p2xadfFhcTH6toAhrm0dlfOTldiWRsdXd8UmnkRkYrV_8$1gaA",
        "#Blob",
        "#=qzTUdhpx_l8oNrXik8Q6a51kZkIp$waiEMbjMOU1bFOc=",
        "#=qABSlSWKh$8sT$UF4sG_vQMmKqh5lDRXHlL1yCp0W8x0=",
        "#=qw2XWrJCQCyTO0Iwdbz8TWw==",
        "AddRange",
        "#=qQ3JMSE9km3mGmL6lmUfRHw==",
        "#=qEQtWieYw8BPdEE4hbsjTLrq$BwGjJOBoaDYJmV9xVgE=",
        "#=qtIl3MhjXHsnCHvTVFi9hFg==",
        "#=qfozjXlIKX6LyHHXB6wCG9g==",
        "#=qjIje6jGWLd2EOkfZXKqBbg==",
        "AddHostEntry",
        "&&*}X",
        "#=qKdZKgyAqL_iP0GUSJkXePw==",
        "ffeefeffeefhah",
        "LoadResource",
        "get_IsDisposed",
        "#=qeKiN0Pwa0MwkK0uB$Ook97TrMQC$LNj1jgF6xTuSA2g=",
        "          version=\"6.0.0.0\"",
        "add_UnhandledException",
        "#=q637XAKKKpMW09u9r97v4lg==",
        "#=qwGMLoIBYlotM6E$y2KTAuQ==",
        "#=qeeDSInMnFASKK3QXGIKUxuxDb8FgGi0XLXRlZ2oJdWM=",
        "WellKnownSidType",
        "get_Port",
        "GetMethod",
        "#=qehEpCuPIxZRbHczlt$dAWi4yWi9o1_noSvuo$Wzvtyo=",
        "#=q0REOJwjO1qsE01G_RQE1TQ==",
        "EndInvoke",
        "#=qPNzwB3EyeKwH$TwKjEdAjAC6A3IlGhANCdkUFCgvEiw=",
        "#=qpXfSNxR7J3tqOHyqT6s_Aw==",
        "#=qNz_Hz8DMWPqA8pVcg8d0UVymwvCurvyYgdZaMK3OhQE=",
        "#=q0PMcXQJxcLLr1sYO0fpyhPjUwjQtInL_vJPQSgCsfio=",
        "#=qO$LkcjIVULy0PGjvpOiiEw==",
        "  <!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->",
        "#=qyc0YQPNqWwZHkgNDV8lyIQfgMkEbGZtyDsLzhYmFp8w=",
        "#=qhFV5jkshUI$uRxypI6oecQ==",
        "#=q0pfW5T3uO1I6LyXSPFW7Qw==",
        "#=qQ_BBkbckkXGbXV1nE4Sw4w==",
        "#=qYiXVlu3YVR5erIxfIIBHo1Gv4y4z4vrtnS$$9CALbVE=",
        "#=qhq3FXVXLOItNPwDlpFnTKHk3JkInaJiiSE3uR3jtGH8=",
        "            If you want to utilize File and Registry Virtualization for backward ",
        "#=q1AWpt7Zq4Tx0wGx4hVFZRg==",
        "#=qhg8oaKg1xx$HC$DKnlbXQpibwH2HXqMGSlGv30vEUsU=",
        "#=q66hvvPDVbMv$MYStXtnb6Q==",
        "_CorExeMain",
        "get_ParameterType",
        "#=q__Bys7JTXmAiG9F9QC$wjw==",
        "get_Position",
        "#=q51SFR_Fbl10nUMKjGTtHqA==",
        "#=q3TG8MLoZf1Y44PREVW$6m76IGmuYE_BOhC_OTjkQJFtYWwRtSeFqevP9hiteuLfz",
        "#=qmbdg4P9$2ouafwS8nEs4lA==",
        "#=qudwGeEjJDUB9pt$_k0YOgc30ZWMo1bIGmdknk40OWog=",
        "fefeffefefea",
        "#=qH8FTQLBlM6o0t6zf8SLPUg==",
        "CreateDirectory",
        "    <security>",
        "#=q8SIEDcn4WoT9RcZmFK9tzQ==",
        "#=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA=",
        "#=q1jj2Lo3UBKUZkdI2bLcg4QlXuNGNWZ$CYnK9VTZNEsA=",
        "#=q8nWzev5go3NKhN5Gk9NzTmM91eKwrK00n3U6GWmH8Kc=",
        "#=qjYgYU6Lnx_W1ikVtBmjm3w==",
        "&&*}&",
        "RuntimeHelpers",
        "LocalMachine",
        "IClientReadOnlyNameObjectCollection",
        "StreamWriter",
        "#=qGqugi8s64S3wxXEod1SSyA==",
        "WaitForExit",
        "#=qV9UIxiLyaOi7XoTx2DUJwr8Ior26OirSZwM3mOvftrw=",
        "#=quO7UmvJ4RBuIIChSn0jx_M$HL4rBuRuRZnNBEMlpsJw=",
        "#=qxWNhTH3aUmlSLTvydVoCIQ==",
        "Boolean",
        "#=q4P_5NYDHZX9MPbDZuNFOAbRpAmJ2c_TFz8M5ulhIFApTRNfzn3_E1__1$MVw8$WV",
        "get_Major",
        "#=qa9HOmSrK7mjt1ZxVRncCgFoJUA6N3DmB1Rc$YUfcSKM=",
        "#=qN1bIi$08taNozgdgDWdXVA==",
        "#=qAM4ZJ3aDwBm_a3IkqHxLmjdKzHIQbFeE9thLHux2o6g=",
        "HostData",
        "ControlFlags",
        "#=qdZqWoaYN68rlMOX4HkTLdA==",
        "#=qru2ORBLxmt_CUDya_FEQGA==",
        "AssemblyDescriptionAttribute",
        "#=qxWp4ETQRrgcfPChnmxhivyMmb5p6MuyluC9Tc_Mhkec=",
        "fefefeffeXa",
        "#=qVQoZlgR59_v4NYIa4CBPQw==",
        "#=qVHGoZQC06Wdz1fJDKkoeiKu9aci51znqNtMz8dGZQMQ=",
        "get_LastOperation",
        "      <requestedPrivileges xmlns=\"urn:schemas-microsoft-com:asm.v3\">",
        "lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet",
        "-(&s8",
        "ReadByte",
        "#=q1tLM5Gk001IDETj3RhJ2ESaIo2XgaV2vMWhqISqSHy8=",
        "#=qRxR4aJg8TX8oM$OpeoviZQ==",
        "#=q2V8VN1ZqnXOBhkZZr6w3VA==",
        "ReadSingle",
        "#=qOxeV7mwtJT4AH3HtBqNUXw==",
        "set_IV",
        "#=qzx697Szk1moqO$yUynaioQ==",
        "#=q2XZFEYqbf67s$PRf9Xyx7Q==",
        "#=q1abXKhVCyzVldE9ra9z81A==",
        "#=qgHxgiBgB0FhzEGOOs2Dqnfh3XnJ7nEmajCNqRqFR3Fg=",
        "ValidateSource",
        "#=qA1_qolTI9aVdwnEde3ubqM6zKBigTZiyb5_iHpeZQDI=",
        "#=q3fzZpU7POi9yYKua762KimE0tXDV2VRrjyJcPuwXgTs=",
        "          name=\"Microsoft.Windows.Common-Controls\"",
        "#=qxp6ct4JGLaMDbwg6fkrIEw==",
        "#=qCA$7lFkUlfYTBh0Hp6uY4w==",
        "op_Equality",
        "ClientLoaderForm.resources",
        "-!& 4'",
        "#=qRLk0VFphuSTh16H1MGZUv_HwKU6b1$OQZ0l10zUjPKU=",
        "#=qbbSw65PC$nto6DJiWxTawg==",
        "MyGroupCollectionAttribute",
        "#=qA5pFz5LZPgfUa5zon4beRA==",
        "ParamArrayAttribute",
        "<generated method>)",
        "        <requestedExecutionLevel  level=\"asInvoker\" uiAccess=\"false\" />",
        "          publicKeyToken=\"6595b64144ccf1df\"",
        "get_UTF8",
        "ToString",
        "#=q1t2nN1p2nWkytA1wjQ32JyClWcTGIZMOEV9XOIYf1xQ=",
        "GetHostEntry",
        "`.reloc",
        "#=qoKFLFqm7bb3VWsU2QKXIQ4_6anGbTCWiZAfrNlgq8fc=",
        "#=qLYpbsprg$ymVLeNEwEpYlA==",
        "#=qG2DPieaEKCS$j6T6yTf$qg==",
        "&&*}(",
        "&&*}e",
        "#=qSyCMza09ItB79lrZlFBuQQ==",
        "#=q$mqGRbJ2J2TNgadoLHYnIQ==",
        "-m,Ol",
        "#=q9tI5WfBIFIPW_84mZnHV05cJ9fSyOCl9wA8lwPxs3PQ=",
        "NfefeffeefY",
        "WriteAllBytes",
        "#=q$XxqrIH7dyYqacMzR_CjGA5JAR0vUKiq1f0DFqS1mcI=",
        "add_FormClosing",
        "#=q0g2hVR4CYkiIvLHeQL6tUkW2KQhRibG1DIo1pReSOj8=",
        "ParameterInfo",
        "#=qWbDVCvJRlY$nWsVAToK13K8LD9gZFcJQAtBUvjDEcyo=",
        "SByte",
        "#=qQ9gevS7b4oTsdxtV36c3$A==",
        "#=qrWKlHKCxTKueolOR4ohc7D_cBhjLv1zNIcftgcigaGU=",
        "#=qKxL6kQaUyB_6jIG3mQUGOw==",
        "ReadChar",
        "Start",
        "#=qEbf5uxiH92v$7mL0TnmsnA==",
        "#=qvJ_V3lJRnVEW6EI74n63zg==",
        "#=qFxElXT3T_$sB_0gpbmQGIA==",
        "#=q7wsNZ$btlm7uRzkYXMkJl8JrBCKSYJt4if2WiKQrObs=",
        "#=qYGU8a5KOsYzqpvljkWGWKuQS9mZuJYQa$8g5J6c9rho=",
        "#=qxRbSDXwo6eARhpCjqJa2Fg==",
        "#=qEn9Mtg$AIqWbq3whj1y5N12e3KXi_NwIIcl2i$FXNSk=",
        "SocketAsyncEventArgs",
        "          type=\"win32\"",
        "ConnectionFailed",
        "get_Exception",
        "System.Net.Sockets",
        "#=qOn6YhA2JjwnYZ_7D0fnnEw==",
        "#=qu0EIqDRT_HlTe4PqaMKdozL1lQ0SgTtqFucuF2vFq50=",
        "~utVN",
        "#=qI5Vms5JVXaVkwalJFV3L6w==",
        "SetLength",
        "#=qAySeqCaPs9tWWTa_P8M4Zg==",
        "-l&~s",
        "#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs=",
        "#=qtcncUaS1HcVKUD5AEGHBokWqEL$GDDjoAu8asy_oLis=",
        "ffefeeffe",
        "ffefeefeffe",
        "#=qEDU5bqS$T9T0k2xHaznuPTNI8j4z6II52ItUe0wjyZ4=",
        "#=qXCoQdguduOewiATPKLDvyekx3X3r68VNkZOPBX9O5lY=",
        "#=qvJN63xerlaB42Q0XUG621g==",
        "Decrement",
        "PluginUninstalling",
        "#=qwnMPoJqYBxCKR$s5x3I3EQ==",
        "      <!-- A list of all Windows versions that this application is designed to work with. ",
        "#=q$sTc1AZMnHRC7q_PL2hWs4JIEJoo88_IAFcWtrdNt$4=",
        "  </compatibility>",
        "feffefefeY",
        "#=q00kXQ$0a$SV9DIgRtf4NWQ==",
        "SocketType",
        "#=qdw5QBoXX8FR0LrkjhWN3qw==",
        "ReadUInt32",
        "#=q1ZcUbkVKv7wahbk_Am8y6A==",
        "#=qJ2Bo_iSk1Tt7sQHk7C2ESQ==",
        "System.Windows.Forms",
        "#=q0zLeEY98tybLc8FS6iVEWjGp4MNZxETphcH7ohzBXuY=",
        "#=q7O26Wc9N845khaV1IlgZGg==",
        "#=q7Tql80HUgCLaL3e0n4j7ew==",
        "#=qCSC3Khfzx9$ef45TjPThpcJgh1Y2yjEovdFzCbywzqU=",
        "#=qiGEsYAsOSz$jy0hyBv5MGPdLIlePpwWMgCE_Abe_mLY=",
        "#=qHU4s4cJ8BUWy$MQH9LPGxTniDgLcWFlt1CmhZ7PNRWA=",
        "#=qoKX_5NDx$uDAqG3r2Qdnaw==",
        "-?&~]",
        "        <requestedExecutionLevel  level=\"highestAvailable\" uiAccess=\"false\" />",
        "IClientDataHost",
        "get_BuilderSettings",
        "_Lambda$__3",
        "Single",
        "#=qXjNBjXFhVcOvrRAG8alfq96_gJ4jOa0wwNOaztY3QjLWnMT6wXGDzBnHuUkef5N0",
        "STAThreadAttribute",
        "RegOpenKeyEx",
        "#=qX52fPnzDspvxDLERxqgnmVyN3O6kmNVEBrlqQ9OVPeE=",
        "#=qsqmAgLqQh_pOiJq5Mcf5Ii66zl6iLnAX8VtqTy$uxhY=",
        "get_Name",
        "#=q6oykuAaezoPWCQHwIFBGYQJoT_doGKMmOjpzn6ZJomA=",
        "#=qORcQ89THKgijJ1sWRyjf4hLd1g4H_sosI9t_gkVfZ7g=",
        "#=qZHoyzaJ9rjmsFI5qWuYXUQ==",
        "GetResourceString",
        "EditorBrowsableState",
        "#=qRUXz_3fP21juNHWjDYL16Q==",
        "#=qcyp860KJctHXULF8nCr1oMRR0y2kU8XZrQHqsInbsAM=",
        "InsertAce",
        "#=q9rPQSTp$UBZiTGc7mKlh7h1QvRgfs0p_mQAaIRjRIsQ=",
        "System.CodeDom.Compiler",
        "#=qNQZrJgmZwpZh_4yrtaf9Gg==",
        "get_ClientSettings",
        "DeleteFile",
        "Double",
        "GetCurrentProcess",
        "#=qU0vjurWIhbfq4$RoGXKKVfTj5MJBenZeu2wAtoCJAJY=",
        "#=qYGqPwTlQx5HSyCMpKnJtwO$bA4uyJcKD$pA6WpBamRM=",
        "#=q9M64o5ghSlB001vxhTt2kVIQeNtcHtzTvRgoYr2$PVs=",
        "#=q$JqWZLd6UPV3jmsDHksd2EmkHWISQtPlvGx8vZ7hHXE=",
        "#=qClMnNCTDhIIGUYHmdm$xCQ==",
        "Clear",
        "GenericSecurityDescriptor",
        "#=qikOQWBxvreUKIkKm4o4DoA==",
        "IDATx",
        "InternalName",
        "#=qI2pAr92bRdzddapVaPVhbQ==",
        "#=qHy8pXlBCL$mvAXWQDJUnVpxgTTYNWuQ4Z7NdFPUhcZs=",
        "#=qEKdoqcCD2XVb2atXAIOmL$Gnnk$r2oNLDVsEymHbxMo=",
        "#=qU_ZXXWlv_8PtJY9coDWiH8$dVbE9S$EoqFVRvxhPtE8=",
        "#=qOgcjmweVxeuvMU4cvcFOmg==",
        "#=q0qLVKF4NbQlcaunYsixITQ==",
        "ComVisibleAttribute",
        "#=qWCa2pDyuMnzTMLUOIIx_zqZ1n0nAbCh3XpyakFsKTbQ=",
        "IPHostEntry",
        "#=qFaxhQMbuEyPeOadTfKIzX7ulwKfSulnteVvHU$QDlcs=",
        "b`h*&+",
        "#=qS8syUoAGHVUW8$eQd6_3_g==",
        "set_WindowState",
        "#=qfXdNdmKHZO9pILMTQ4gUIFhfl9KPJm2rU8y_LQsTH4c=",
        "#=q7EIL8N8VWglyI984D7TGpzIPvdOcvYIRRwfMeKNyDDs=",
        "#=qgPQkZ3GBDc371jzhubcNPqmxfqhr7b78DNmenmuxGa8=",
        "#=q85afbI_HcqBFOZnC0iAqsNghLb3LsuyjFtpLEYYoPX8=",
        "ConnectDone",
        "#=qfpNcQ8IYoPRIQgVc_nBfXzVjxVN2nY_mFz$PcDXaKKw=",
        "#=qnk9x1Gmlq5UZ_X95yAl14A==",
        "#=qrpluguOr5I7WIqr51cA8ZQ==",
        "#=qeWvkoUO61qxfYbQKV$cOPQ==",
        "SetBuffer",
        "get_Height",
        "ClearProjectError",
        "#=qCSH0DtnYKogitTpLw_M85GR1jr6BVuF$16hm8cfUYWw=",
        "^YkG#C",
        "-&&~r",
        "OpenProcess",
        "#=qKqE6jaRKu5jJvHl8RwywXQDv4h_f2ISEaHK__Drdd$M=",
        "#=qR_QBxpRX$xZ1vjqVv0afDQ==",
        "#=qYuHUjnyRYHZqCkKAt0jj_9qFBzmTZKte4i1ou04eBWY=",
        "#=qAkkjpY6IHZssIsQ9hAxzTw==",
        "Invoke",
        "-T&s,",
        "#=qGHv1IOurZ6januU0XCThS7E6H0kqAtBD9d30RkoHFXM=",
        "~:}ew`",
        "#=qOsVShdMttD8jGLf8zW9G7g==",
        "#=qEWXagqzV$_PB$92aNfTAHdvK2qw2uvSxy$UVh0K_lso=",
        "ClientSettings",
        "#=qrzlCozsOJIqLxGzoulKftCL7kUWSuMYFdc1ca_yCcBA=",
        "#=qGjStw3GYbvUue5kapeAzmPJAl5$UDUb723PSvMiCGdU=",
        "#=qtLsfqPVQ47D3cdxmiwAJAQ==",
        "            Specifying requestedExecutionLevel node will disable file and registry virtualization.",
        "#=qnnmAgQGEsJw4dsVn9gN4wJbRL4WqsDa_V0QuBPM2E4A=",
        "get_Chars",
        "Variables",
        "#=qQoUfP$jAQrKMjDuqm54QmA==",
        "#=qnaTZqk95Z1a8JBLdKiF8aw==",
        "#=qwyLCYYp4MoTtTA6T$fEOIg==",
        "GetEnumerator",
        "AllocConsole",
        "Dispose__Instance__",
        "#=q5j3wvJXlnrGmRnKUHr_1SQ==",
        "#=qyow7wBpiCNNIoap9jI9L3Q==",
        "#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L",
        "EnableVisualStyles",
        "fefeffefeef",
        "CreatePipe",
        "      <!--<supportedOS Id=\"{35138b9a-5d96-4fbd-8e2d-a2440225f93a}\"/>-->",
        "get_CurrentDomain",
        "      <!--<supportedOS Id=\"{e2011457-1546-43c5-a5fe-008deee3d3f0}\"></supportedOS>-->",
        "  <compatibility xmlns=\"urn:schemas-microsoft-com:compatibility.v1\">",
        "#=qo5Pv9nXCIU9X_B8SJDUR_qgp7npNK2pA1rGP0GNQ51o=",
        "#=qQJBwIjtEvP$UD5Stcfj2wASGBDPz6YiX1yXx_MSfzPs=",
        "Empty",
        "#=qTZGarPS37Dw3Z3Ipg_AFug==",
        "#=qNdKVs_XU_xYgnUK9ZfVshw==",
        "#=quXVzKqGldmgtXgVm61aLog==",
        "#=qAR9aFFQPEovpFzvfokoGkw==",
        "#=q61s8d6EIAdSsDLLjqchw1w==",
        "ffefeeffefea(",
        "#=q6CxZjTl3_v2RHWKegcqMWw==",
        "#=qek1Oy3FoZ8ULt6r5iL2pEQ==",
        "kernel32.dll",
        "#=qvA35ZDPTM3VgF89oJb9AmWFE4pqnIDYGjeV5H4uvblU=",
        "#=qxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecU=",
        "#=qJRbhy7_BbunS1O6hH3MqZIufpnZboV6cb5Cv4qZI1D0=",
        "MaxValue",
        "&&*}o",
        "get_MachineName",
        "#=qp4XZ9Ss3K04S36I$7WhtwQ==",
        "#=qMpgSfrZ_Z1PFlMpqVHDctw==",
        "X*]x.",
        "NanoCore Client.exe",
        "#=qKKh2V4W51UBGXR09J__pug==",
        "#=qmL2H5Qgs6vv79mCqS$t3qg==",
        "#=qG8K0lOrmHWfP2KExoNv$5w==",
        "3,bDD",
        "#=qUDQctXsgw3eGxqcYAxP8MQ==",
        "#=qWFUoT0l6elO8yn$hIYUL6Q==",
        "#=qhPT6K66KztLE5cE8YZMEsw==",
        "RawSecurityDescriptor",
        "#=qhz4yMg0WDLwu3BJp4fYr0w==",
        "#=qgBCfMYp3J4fCYU13EId5uw==",
        "BinaryWriter",
        "set_BlockSize",
        "#=qg$lb3t6abG6vgSpzSjJlb_$AIzqYfos5cl9DWFolUwM=",
        "#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=",
        "      <!-- If your application is designed to work with Windows Vista, uncomment the following supportedOS node-->",
        "#=q_gCP8hm5SSW7J$3R7xJuSA==",
        "#=qQKYqF9uhb3QdjdrkvuxjUw==",
        "LeaveDebugMode",
        "#=qXKuFJhTO9qh0nlK1iXbbSH7y8Djn0mggfIDxOoarDyE=",
        "ComputeHash",
        "ConnectAsync",
        "#=qB7XWHK8gygwSs$Fj70FiWw==",
        "#=qJ598Vnr_RIwGnHqFfQsYCw==",
        "set_CurrentDirectory",
        "#=qHj$POo$6pkhWHVC5cES_2g==",
        "#=qAsEDmMyJR5b6o5oAn_4$qhqe51JCfsU9Gffe156c8UU=",
        "#=qukf_DyAYprvhLsdhT4CGuA==",
        "#=qoTZi9XCxEGJXLELWnV3yfQ==",
        "#=qDEcM8KorEdChS9luywSNQA==",
        "IClientNameObjectCollection",
        "get_StartupPath",
        "MessageBoxDefaultButton",
        "#=qkFwCVmJ2HhZ6r$uKeVZFFfVLdddj$WEInl9bSgbErDM=",
        "#=qEk42FAaXkrNIu2TP76IakA==",
        ".# G'",
        ".ctor",
        "#=q5MtzoDWNtlkksfPTHs5qXlK2k7ZehKenYzDJQrgdOII=",
        "#=qdPDxrK7XRQZlwY8QeW6oe0AEoOr3qND_WVi1o6l48tc=",
        "#=qvRKdouixzy3mopZ1VtjZRIxbtiSW2GAGLD$37iVLn9U=",
        "#=qJLXxSZzWSVDQjBBC8RxpqVbwxFaxTu3ygaLrjLvlmTw=",
        "LogClientException",
        "#=qJAZ7is41tIXMNDQIkGLgjRC15Eis_QBrdFx8JT2Rx54=",
        "#=qqCUKpKbVq45Cc9OUN5wTXw==",
        "AsyncCallback",
        "#=q8GRQigucU81Rfg9VpK7PVLcjulhhYVPijYKMm9N3PJs=",
        "r[D}E",
        "<Module>",
        "#=qXz2OER2RItZOjngvYurWLQ==",
        "#=qXCUD4SfDr7DmFI64sweGXTg5Ns_ZxTOZPqBRcEKWTQk=",
        "#=qhVWucYSqOmMmp4RgG95tFA==",
        "FileVersion",
        "ClientInvokeDelegate",
        "#=qlMIFeU84lweg5Ul5iSg2vZUvNnPKw11XA1pEUQfzDeg=",
        "#=q3d9CqFPpPy$rBhZvyFIRs_ElAFMHTo4ZZuE_g$Nfrnk=",
        "IClientNetwork",
        "          processorArchitecture=\"*\"",
        "#=q0myQQ6i89t9SZyjYDXZrBLa9ljWEUD7zAwJyyFZowQc=",
        "#=qKY90T141DaVDQT0DHaMEr8C6aPEoolamkqMM94Ir$TE=",
        "#=qM_mpCWjOCBlruGH_QcTQHocD7LUJCLuKe8ntf2VtQlk=",
        "IsNullOrEmpty",
        "#=qD3hoTFeBJT$SvX_fQh_aIw==",
        "#=qs202XG_JxpBwpKhptOZhRA==",
        "#=qJMNT6BwQKSi707UHw9_x7oci6egKjto_AgHYlITH34c=",
        "#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8",
        "GetConstructors",
        "#=qVl3h61LTPSW_ew_st_OlTAm7x_6Xu4hQK$pi2fSiEIs=",
        "#=qSpdFO0arrQmbwA1JpPKL4TCAmwZYVDNVmpRQ6ryTPgs=",
        "Contains",
        "ThreadStaticAttribute",
        "#=qEhveuZChxbRj66Cj2kCGjw==",
        "#=qIe49uN8SyHwjwKdv9N2r$A==",
        "get_Assembly",
        "GetHashCode",
        "#=qA4f0kKyGXTRnU4z03oji_RIPyVnvoC_BRjpESDLHXqY=",
        "#=qL_Q_RdUm_wJ7VeVwUqRXbA==",
        "DESCryptoServiceProvider",
        "#=q5WjY_m3ubVFfbJuyu7GMxA==",
        "#=qrJaovDbn6146mBrhFbUMbw==",
        "MemoryStream",
        "#=qhA4OqIvVSMpJakxtoytoCw==",
        "#=qTYemjRfvVDuBO5lrz3Aq6g==",
        "#=q35mMBfMcRRKrjeZsPOCz3A==",
        "SecurityIdentifier",
        "#=q65znFg0_234nfnhL4I8yRSIMDpdjAosbzeDfyRZVW08=",
        "#=q_5hmJXim2EG1abw3Kju8nMffXDIbl5na4zXqclsRK_s=",
        "#=qAzhW8LcEnUCELlhG4klMCnw00GcHco1N61RthSA9zQU=",
        "#=qjcSlrUNMLgvZWN$58FXdrl22$0OjCpoqksNsslRtIFE=",
        "set_Visible",
        "#=qmLTtz8OEDrkzFTzYkI_Dg1dvKwiGw9blNcZSU_QqMsg=",
        "#=qi3LnKomYQ5KrkAbxbJpKCg==",
        "#=qjAD5jc_8Kg9x$NoAqFAvpA==",
        "Application",
        "RemoveValue",
        "      <!-- If your application is designed to work with Windows 8, uncomment the following supportedOS node-->",
        "#=qNn8WS2rooUJUoMsG84mQ7PkK4IQF8$E42cyDjfL7Kqc=",
        "IsInRole",
        "-,& ~(",
        "s%dEUK",
        "#=q6TsObh1LqPbvVPPz_YjbtgEdyXL$082jRqG42$db3nw=",
        "#=qq2h0VNJ4eWuHP5LphH0mpA==",
        "#=qGWcF1$SkVAOkK9Bjc82XDg==",
        "GetManifestResourceStream",
        "            If you want to change the Windows User Account Control level replace the ",
        "set_UseShellExecute",
        "get_X",
        "ffeeffefehah",
        "FdlvK",
        "CompressionMode",
        "#=qkzr_P52_BAWJXliKWvb8Z6oiWEishcUAemTNzwiiwkk=",
        "#=qhYMTmNdkO7UsEcfduWinsQ==",
        "get_Value",
        "add_AssemblyResolve",
        "#=qee1h2XwRBJvy2g__X40enQ==",
        "#=qFNeaOBvMHuebCbgh$0IKkw==",
        "#=q$jOt_Qd3idEY2i2z8zIong==",
        "#=qoStPOR6UymX3IGbwW$iFxA==",
        "#=qkxH2pC1tIcRyW8E4TCtfHw==",
        "#=qecBuZmXKFD$jZa5T0d0L1w==",
        "#=qwrVB2mw7gzmYRanSJvSoPg==",
        "SymmetricAlgorithm",
        ".cctor",
        "#=qGGQk9IvbDfVOJG_jRDHqOA==",
        "GetParameters",
        "#=qhSKaq9YW4A_ja0UC7Difmw==",
        "#=qr1BSJWWt4_gjKhDM1XdrUmEEDWmH$7z1xaJvthJ97EQ=",
        "#=q0yJsLo0aFpSu9ky8R9f$lw==",
        "#=qbbzTfwYbEfmovMRrVY462ipA8X_tt3oO3M_wSSE0I_A=",
        "OpenRead",
        "EventHandler`1",
        "CommonAcl",
        "System.Collections",
        "#=qW1UvUJT2hH$HRJ6kt_DhXQ==",
        "#=q3VDCpnvucWhkt3J6zytXBA==",
        "#=qo8wG17V6QHcxsU4R0xmY_Q==",
        "#=qjVLlQtRAzKVOtyLrw5PhiGVVmXqMJJOsTT5DxaenWCY=",
        "#=q6FX$JRP_bY_ZCQbx1UwWug==",
        "#=q7_KHECinDx5vq1IBX7p8Ow==",
        "#=qK5Mf9uxDCjwDRfyJQ6kp8A==",
        "#=qx4AWw22LafncEy7CESjbGQ==",
        "#=q1Ld$ycQpy0q1QvYRFk1k5lwgysKVR2tJyNFjakVtbYY=",
        "$72526e69-b989-477f-bfc2-ee79adbb38d5",
        "#=qVVQJ$z9bl7kHgfvJohZnMPofzhiFJ4f4yMGK7Tpp6xg=",
        "#=qFWLbBQgFiIpy22HFbhF9GQ==",
        "#=qmvGJ0E7$XHigSQAtHtZ6z$on2iAwFLBiFtrUR$DFhQPAtVI2LIgzNztIgPvlO9K$",
        "#=ql4R4vy5H067cy2C3KkF7Mg==",
        "DefaultMemberAttribute",
        "#=qGgXamaT7IeK3DM0oRfGI7LZg7FrEWNz8CI_5MUlFEJw=",
        "#=qo_N0HkUaMUQFRCOsgr2ciQEl_IzgJy64oQzCRnN$Qy4=",
        "/.ffefefeeffe ",
        "#=qFBEI0HItLMNpyOY0AgRxSg==",
        "KeepAlive",
        "#=q$E54nUJeqC5jURP4oCRU9g==",
        "#=qMMkhBs_8vtf4989qCM6TUw==",
        "#=qUzL7S_0eXIkbwTon4AS_WA==",
        "Restart",
        "#=q9VIijSO53lpTS2jV37$Suw==",
        "IAsyncResult",
        "#=qxHMqkcY5ri8Rsxs7KCJ8ww==",
        "#=qv1Nmoo$HMwdd1A0cX75UdA==",
        "note!",
        "TextWriter",
        "#=q4rZJEBSRFNm6PYOH7NOLUg==",
        "#=qZbWC$V5YeersjeRitYkSUw==",
        "GetDetails",
        "#=q1t2S$ib6pQFvBWAJfG9B1Q==",
        "set_WorkingDirectory",
        "GuidAttribute",
        "#=qrEy8UTPh_zjKUNPlgJ2H5vQaVxSgPloAxSMCkFttuk8=",
        "AssemblyTrademarkAttribute",
        "#=qUlcwHJCewxIUk2tiKMDjXYc$Hb1k7TCZCyGdm6C93UA=",
        "#=qy2xCoaL3Dm6E0MYt7i8x7A==",
        "DateTime",
        "#=qh9KSqT0kHBFSDanZ7gXkKb1vdDfzZS3JIRcUnMfcljE=",
        "#=q5uvtKo7rLfT5wGY5TBS4ixmbpGEL_B71rwbORlBpBKA=",
        "#=qqn0Pbku3c3j14idd7rNOJmIbi4WueHDQGNjxpToWe9w=",
        "#=qfGQBFs$OKLefNYKSta_Lbw==",
        "#=qYQagvH1k4NeWsCidwFRb$sQTZXPGouROQfmoImiPGDo=",
        "      <!-- If your application is designed to work with Windows 7, uncomment the following supportedOS node-->",
        "get_Version",
        "#=qCI9CHxEGVm3HnYdn52IpdQ==",
        "GetDirectoryName",
        "Thread",
        "#=qruARjy_8oZkz3lsHPGxBMA==",
        "#=q_ux9H7Sh7a2A98b6QB8m4w==",
        "GetAddressBytes",
        "Directory",
        "#=qgbI51haY38WJ4NumXDqnLC_uKv$aRHAyD63c9HgGYzlsFjikAASqT8RCSswEMouz",
        "IClientData",
        "000004b0",
        "#=qrcOHnfaYxPMN2$QaNhNmcA==",
        "#=q6zjWArzQ8Jv_1waqxSeP8A==",
        "#=qWFEttW6Y2i$LC7_zLCNdFCiHtPH1yR98w7TbmrS4vUE=",
        "#=qP05CRmbt2pJg10eRU50wu1vx$mfteEn$pCn9SEbehP8=",
        "SendAsync",
        "#=qaSWqhswYp72H_CatHelXxw==",
        "HideModuleNameAttribute",
        "#=qrXs2l$bWJlHMZLHncLNYyw==",
        "#=qeAiPMWOD6_wvQ4$bYsFv9GLgsem$trQFsnkw3WN9igk=",
        "GenericAce",
        "#=qs77tphQ2NXlLwCZkimhHsowpXGqSYmOGtKiGHHIs4aA=",
        "CommonAce",
        "#=q8FSwXWaEOgeGW7OlBosSfg==",
        "FormClosingEventArgs",
        "-\\&(#",
        "#=qY9NY2gigPsj8X4CYx0UCT2vGlqkgsq6GuC2fWqP3Voc=",
        "#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=",
        "set_AutoFlush",
        "Exception",
        "InvalidOperationException",
        "#=q9DR9MBj4z9rQMPU2Q48EqjtFhU8AMGWHK02_s7IakJ8=",
        "get_UserName",
        "#=qJ8bMKCzzllPDbJIfPSoGMA==",
        "#=q$fGRvwQxjFKeY$SH10p0pyPTU$R77VMKr3CcLFQeQ2Y=",
        "GetBytes",
        "#=qGzqsy60d_qAVRip0TvyGow==",
        "NanoCore Client",
        "#=q95w9MpaG4ZcgkGgnmQITOdHr5IaLXD8aC6o3EqtE0PQ=",
        "ToUInt32",
        "BitConverter",
        "set_Position",
        "#=qAk5SEnvr6iWKzWTaOapTEA_BFwuNkz68xuZLTnuQOh4=",
        "#=qREZQml1AE$F8eb3teEaUmQ==",
        "GetFolderPath",
        "GetTypeFromHandle",
        "#=qOR7qPTYp9qHTyadzUKgUYg==",
        "#=qxH0vEx09STdEljqb$W1E7jvc94T2TeZBAEeRdiG1_PA=",
        "EventArgs",
        "#=qamR76KZ1klLpv5s7oSbjxA==",
        "#=qJBJs_Q6YmbNTnGoWFx0s8w==",
        "get_Current",
        "#=qtxap8xCUFH7z14nNy3cjjw==",
        "FileMode",
        "#=qlzCbqLxFuzycCPDZStFfAA==",
        "#=qd5f1i4cDO3tAO_bEb7g1cw==",
        "#=qfHad4tglpNfnMqZ6nFkPPA==",
        "#=qZRkZQGrnZUWoFBVE_TP$5Q==",
        "#=qS8q1FyJsn2_ukKh5ONBATg==",
        "#=qA$TQXn2i$KwpdqxTX6vvVw==",
        "#=qEIGjjvppBA3BShbdBfMkQQ==",
        "#=qOKSmYE47P2z$UXqGETlnfg==",
        "#=qbMe5UnnXEF8aurHaZz6klA==",
        "#=qDH4GuNn5iW6RFhEPrfs$pQ==",
        "#=qJdNCQZ8JQCfthL12ut8Zgnr9$rl3CuJQ4GAn54E6CXs=",
        "#=qAsxHG9v$MAI6$NruMbxEjA==",
        "#=qk$cpdn6seqbcKjxGnztc4w==",
        "set_RemoteEndPoint",
        "#=q5hEV9yBEvglIR94FFM9OBszK4aiazrmJrQshba2kpDY=",
        "#=qcCYGLZOh9EpzU$sjJG8ZyQ==",
        "#=q79YE7jk$t8I7uIUVykHcVA==",
        "#=qF7qP$SJNVn6Q0z6ARFaJgM2aiYbkFhrfYn4Rl6Odj3I=",
        "lWKhz2",
        "#=qQtwc_i6uv63Hs$aOrPLxrMU9lMXbhRW79NANZrRxozw=",
        "TransformFinalBlock",
        "#=qDt_4RPbN$YmUyKsVRrbzrjU6uaXWwjHkaZoJAcuFCCs=",
        "#=qP42Tluk0y5t5VrN_nwVhnaX9baaRq2NaLaW6RMHNX_k=",
        "#=qrSKFiRrFo6$kUL7kjfG3zg==",
        "CompareString",
        "#=qdwmMObmoGgv5eEpelZDrHiipw5mUgryufdcXXig375Q=",
        "get_UtcNow",
        "#=qmiBgFZvSMQ4WgT0UQIJlEGkYZhWP0gsBGd1anIAH4so=",
        "#=qKKJCW_KTAsIH3uNlP3Z4Tg==",
        "Equals",
        "#=qDwymJFr9Z$8uhJ6g7so5xw==",
        "#=qWrm21vQ8CBMZP_RBTwpusA==",
        "#=qABNlGFDc7nOg_C39swAcLA==",
        "#=qTMXjZFh8G1ehMXQzo1c_k7izR$ZNvDyCJY5aoZ0yOe8=",
        "#=qwHAjqAoc2lT8vaebbsWerg==",
        "#=qyI9vgsKRXHDyyks4VCAjzA==",
        "#=qLLh1749MqIyRucx6BFMp7Q==",
        "G3feffefefe",
        "#=qObBSq08BLhHK8B6pYQSLOw==",
        "#=q3p_D2U81K1hW2D54P32yDw==",
        "_Lambda$__8",
        "#=q62cZqzG2QOltpyG5v7exPQ==",
        "[SZB+T*",
        "#=qiNB6YyqAJbx2uPAiP1Ihw9dTNEtwaZElmpYLZcGO64Q=",
        "#=qtcl57G6kPr7DDYeWeY389w==",
        "      <!--<supportedOS Id=\"{1f676c76-80e1-4239-95bb-83d0f6d0da78}\"/>-->",
        "#=qQ7tSKwAULKz8TSFsLbtapA==",
        "#=qOmCJCQ4xVqqqlvNEZD66Wg==",
        "#=qTawRDksY2KFvY5V2vw1_pA==",
        "get_RemoteEndPoint",
        "#=qiJXCsKWBF9DB88uzW4b92A==",
        "#=qo8RCFr_ecPE9NSA5cyD6QQ==",
        "#=qQUdl15sQ0xTV$45YaAtVB9Bx2NeRc0CC_5Lr_HuNXwU=",
        "System.Security.Cryptography",
        "#=qw42CdKVHw2dycv8VU7DItg==",
        "GetValue",
        "Enqueue",
        "#=qeADSRAqxC2FlJbA5Uc5$2A==",
        "#=qVqTMYHwCmwUHM6kkpNkbGw==",
        "YV= J",
        "#=qwGYG3$xqr6oMjxRyF4i0Uw==",
        "get_Count",
        "#=qRtpaHvp1hQcEDS$UubP_mA==",
        "#=q1r$Sd9Acbw6KsKv_F9uYTPvvGAfiEwUnai9OGYAUQBg=",
        "#=qL2Az2fdQv6DkEBC_x$bbMA==",
        "ProjectData",
        "#=qWszclzYrfU2ikD2Jo7BLiQ==",
        "#=qcfHq18AlWjOy12tBCM8Tbw==",
        "ValueType",
        "#=qaysgaPdcuRrUvev6__tYEA==",
        "EnterDebugMode",
        "ResolveEventArgs",
        "#=qokX_wSaMFvPLXvDQY377gw==",
        "Delegate",
        "Interlocked",
        "#=qs1aB65G6$bPi1$cdOrXkCA==",
        "    <dependentAssembly>",
        "#=qFWCMyHOrl7QbIPkMYdiWJg==",
        "#=qM4zv780c6Jc3GVu15xhaulIEjuiWD$RKEtosugOXKLA=",
        "#=qnDLRD4lBlfyGeJyuSeq2WA==",
        "-/&~J",
        "#=qd92UVUgmlXoQZdJDkVvBpfqQ5IrxjaeWORyWFC422PQ=",
        "NanoCore.ClientPlugin",
        "#=qYCS3QLrXk$FWhHR$BIzDXQ==",
        "#=qJOtLSdKNdNGjNNoElacScY2TTWmLUvN6XZsl_FLfP4o=",
        "get_SocketError",
        "#=qOgNXWEIS3IQJCnff_sTmrA==",
        "#=qHdV5wMNiXS49lDrqJF3pqA==",
        "WrapNonExceptionThrows",
        "GetType",
        "set_Key",
        "#=q3C4Iol1nMl5AFLWNdE6nxB2_kG0uXzx35vvsn$gQzt8=",
        "#=qdiuHngY4wejUsgFY5u7CtQ==",
        "SocketAsyncOperation",
        "fefefeffeefa",
        "#=qDTvHA26pSwiGBDknUzewBVNt3YGW7YeSiQRH8F$_CMA=",
        "feffefefe_-",
        "Version",
        "#=qpSjmalSIZ6iBUAWRLBOkQ5sPqtZAetb$LjkOVwAdUac=",
        "#=qD_C1_4vUU8j6eQSUvsJDw_O6DZliNi$NDCaON05RwdmBpVqAu68W00hmx80mCKp6",
        "KeyValuePair`2",
        "#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=",
        "#=q3eIsVMg85$T5I_yeach_tN$TJG7$vFUaeExZx7tMHps=",
        "#=qxLboOdsVFLmyLD939$tUsnUMYRMeFnzOLiWxQdY7sdc=",
        "#=qSl7F7iXGTH9iNXHds05fxcgA7Cydd52A6vZtHH_41F4=",
        "#=qCy_StxaanQioOSGQ9LimCF9_Wy9AMBNKclrIIUI0AWs=",
        "#=qUomzGDQTZY7jASgBmW35Fw==",
        "#=q7Kx5VWqZvUxLZ2L5c7WH8A==",
        "ntdll.dll",
        "feffeeffeef",
        "#=qc46h_4WA5z0UkWODs1nwXg==",
        "#=qB8Wn1MJrSNWupWDx0sYcAQ==",
        "        />",
        "Mutex",
        "#=qHtBOSXbLfhirIdzL218uOQ==",
        "ClientPlugin",
        "#=qeXI2ChPq1TaKaY8cTwWe4uWAyXSGUqAWxM21uH$6gYc=",
        "9feffeeffefe",
        "ReadSByte",
        "#=qo734_kbse$6lTIlwlz6A8A==",
        "#=qhnLoeDP_EbzJexQQPp_LLA==",
        "#=qnDc3CmkCB1QeN2dXbmqV1Q==",
        "      <assemblyIdentity",
        "DebuggerHiddenAttribute",
        "#=qfoMVJHfk0BnMs4x6mHO77Q==",
        "afeffeefef",
        "#=qWsrg06gTzsE5hhHu57fJFw==",
        "#=q$6Q_u19FhL$wNOun9AB$CQ==",
        "#=qW1Ty88cS3yMuRwgBrH3qpw==",
        "#=qGPdnFVTlqnS4tiFpuQulXa$2eC7Pe6YqVeImkUGsMl0=",
        "#=qXOmEbR_8DUzPz6sW4Kmd6kaKUIQOYZdTpvq2CkB17PTlG1zEUgI_P4skJXU2VwtO",
        "ArgumentOutOfRangeException",
        "#=q6uKQziMZIL8_PaX2KpbPTA==",
        "#=qvz1sVA0ePAgs1nzIHQTFVtjljpeJ1QO1S19vLxn8DMU=",
        "GetName",
        "ThreadPool",
        "#=qOYQA1S8VHR$mOO6XXuyF9Q==",
        "Control",
        "#=qsB4PatedVyMOyo9s5n1OTA==",
        "#=qi_z83UuaQZa6UsXCAahbTQ==",
        "#=qQqZpewiWxGMAW$tQ9Rz23Q==",
        "My.MyProject.Forms",
        "#=qZvjD49iuetyLKBIiF$ZmjA==",
        "          language=\"*\"",
        "EventHandler",
        "StringBuilder",
        "get_FullName",
        "&&*}c",
        "#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA",
        "#=qw1t7iX7Q4P$CBQxdhg13BQ==",
        "#=qrQRxQdT4MC1qfwOd4n14uA==",
        "#=qa3EpMqO3KVCTrDUnetWt6fRbeWox1uN3vfSP5v_W_wc=",
        "#=quebj1wBCmruzAKmg6Y4Igg==",
        "#=qhme1CFqs_evb4VXik7N4x7lNdqSfuNy3r3OUWZ1V4Zk=",
        "#=qKpwDTqgBVuprqflj1$7QZw==",
        "#=q2Xp4jW9C8Ta21HxmpVVhKkrHyOAsktLziyvL$pPr$5o=",
        "#=qCaHpjtavBmCU_o5x0kJsKA==",
        "#=qxG1wJpkOHyc4AD8gtAdxAA==",
        "-<&~C",
        "#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=",
        "#=qui$hq6ka6v3VYA7sCjpJmcmNECKESf33DUzrmeSOmg8_E_GsgWi7VMMVWUGuO5wH",
        "SearchOption",
        "ClosePipe",
        "#=qb0tmyILenEyH_R9DXJFwB5rGNfkKkR0Y5sGtBRsV3YE=",
        "IClientNetworkHost",
        "#=q9Dmi1iXzL1JAj2RiS$Q5mw==",
        ",$&s:",
        "Microsoft.Win32",
        "#=qqRc2eOIidDtWq4y7W2lAhSyv$pBRJdAsYlXSRUcwizw=",
        "#=qvbTNBihG2zARsewkRIFTSQ==",
        "#=qWLKNBubktRcyu8vI4dIAJNOqajvyL7NccmUEC4QD9y8=",
        "#=qHiBdWLOLLVg67b8lN8FRqgmYNWZfcDieu2MH9_zIY6Q=",
        "#=qOsu3u3mLIa8ikCCuCoOv_w==",
        "#=qs0qPjhSgxy3k5gj_gt12EQ==",
        "Component",
        "#=qcrlhteALkcfYnKFH$UWw$HzZqj8gdN8_KwUKIC_ywUo=",
        "#=qXuSOL4ETByiwdARI_Ds0Cg==",
        "ReadAllText",
        "#=qUVvjDZc2eypEDWG9cFZdTg==",
        "#=qP6OAxyfxw$Mj0oVKCDnh2VZfwY2Ap_uDBmUyxkn98Eo=",
        "#=qsOMWyP3LvE9$utIXVnRnmQ==",
        "FileAccess",
        "GetCallingAssembly",
        "#=qIOX_rwHrS_RLFL2igzRsUQ==",
        "#=qKXWwuvxG9klNObPbc$UF0LIw0aZIk7Z0VPIncl8uFJQ=",
        "#=qhv_9OQaSyr5PWElvgkBxFw==",
        "get_Variables",
        "#=q_UogavoS8ANyZp2cF0B9t7qG1b3QUqGTYeTlmQIKxqY=",
        "#=qU_UZ3uhfwWgI9uBw5HT3xA==",
        "#=qbFnmVfulgLVjclcqmmhqFw==",
        "#=qccx4d_xNMPrZUHpmyYb7fIKkXAFa5XEyOIxXg$XLtBw=",
        "#=q9WHClFSp7T8oS_DNFEbAHQ==",
        "GeneratedCodeAttribute",
        "#=qIKJSaaKraxRzi3AD57FKg9MQkSdmOqUcHNxKjSZFGkg=",
        "#=qixBu4j6Hm11f3$mLrzkCcE4AVWtWeNn5nQguwdGbWGg=",
        "SffeeffefeYa*&+",
        "get_ExitCode",
        "set_WindowStyle",
        "#=qRkk_hj7p4gbUu59IVllqeQ==",
        "op_Subtraction",
        "#=qy1cXcK8A6uRpLlCz7UKkNw==",
        "#=q_kGyEn8KrmBmt5M1N9cUSg==",
        "#=qSJAMGBE37IZjr90jS4_MYNWNa1$s8PXhOErbnAhK_ZI=",
        "1.2.2.0",
        "#=q$7KUBFuOZT85iBmKYeGgXQ==",
        "#=qFU5Nq8bBPIPoBGBl$k8ehEhmgSoFzsflrFNnOQsCK6E=",
        "ToLongDateString",
        "#=qpNR_LpdLu_eSOZVgxbr8UFRlKjbiBX7LOuGAbGS07mXUJI3AAilu14uPN_kfaTpW",
        "#=q1vWrLhskrN4OoWzxKuDDSQ==",
        "Increment",
        "QueueUserWorkItem",
        "#=qyo6slTMfgD8IrZ7nr6inHA==",
        "#=qz5nGZygXT2sWR5FWGAcAzA==",
        "-4&{c",
        "CloseHandle",
        "get_DiscretionaryAcl",
        "#=qyMcWoZuG7jRWeztMnp6fPmxxmqfVgP7DLzGs7HeF4Mo=",
        "#=qDJ0VTVPWfAWYghKX_DdnsQ==",
        "#=qSh9$w8INPkos7acCjV2yFw==",
        "#=q99eEsMLSp2$EVfl66Ua2d1YMqB58RPj30lLgJzJJ64o=",
        "System.Diagnostics",
        "#=q8xbuK7pqyq7mWB67vviBtOo1WSCccuR7xEQnGnyxMyQ=",
        "#=qtS81hD$ORACBvdEkFyqaXA==",
        "  <assemblyIdentity version=\"1.0.0.0\" name=\"MyApplication.app\"/>",
        "#=qxG$Aklpbf6gyBfAqTMmORA==",
        "#=qqj4vWwKBJgvjF_JTc8V9cQ==",
        "SetProjectError",
        "get_AddressFamily",
        "set_LingerState",
        "#=q02vg4rlYSKrSiDNi4xWbtg==",
        "#=q44BQlEuOnjFd0LbnzKKIIg==",
        " :hu'a",
        "CLSCompliantAttribute",
        "#=qy7SaTx6mT2Pix1CP6ET1Hw==",
        "#=qyU_gXk4hv73zg3zoSZSLhQ==",
        "ReadDecimal",
        "ffeeffefeXa*&+",
        "#=qpXMe_UDgWsOaRVi$02jxzg==",
        "#=qM9NIml9iDZh$Fjh9MocFWw==",
        "#=qVqLFp2u1the0Txg1vhieSw==",
        "-&&s9",
        "#=qmzYu_D9f4dvUPauEaU7zvyNjCyGp_73Xn5SffrcfQAU=",
        "        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\" />",
        "Encoding",
        "#=qZDHx38VzWszDP$NdqQpGo3ak_Z$zbLpODJse1_Sr2hk=",
        "StringFileInfo",
        "Dequeue",
        "#=qi6IJz6lHhd8GI6qygHcvTxSTD2wk_BSYwC2NR2eR0yg=",
        "#=qaPkEKJmdD7BgG18R0WsnHA==",
        "#=qbYAYBaHwcEbf1CaxjAi1bw==",
        "#=qGjp0Vb6efONwANkcKrMTkIBxJvr9AleFfJriudyTw3c=",
        "#=qpghRvZG4ZfcsmvAYC$o8qN0WjB387Pn9cG$Y9HJ3uwU=",
        "BinaryReader",
        "#=qbmVTgf9cRSZkM_UgFSJrlQ==",
        "#=q3rtw1eBB$yyPLXzQW$mDOw==",
        "#=qD4n8L4W9wQXrF7w_31K9bjmy3jeB41mSJJrYkh6lpiE=",
        "GetCurrent",
        "#=qdObzsTSX0MpvDi$OPjsFh219oh6Iw7DshgNWGveAvBQ=",
        "ConsoleApplicationBase",
        "#=qRIR1iTmdtHs$eBwEdoKphw==",
        "#=qth3CIdKay4zIa5SBJzx7eA==",
        "#=qglhcKpwNlOshaHMfwiT0UA==",
        "PipeExists",
        "#=qFgBBonKcV6U3Je0BKZZdAZdyEla0MkDel5SRrEzLUvs=",
        "#=qwTOYF_qEkI0dXowKJYtI6A==",
        "#=qeE3S$kdx9R0s10U9GzzcFw==",
        "OriginalFilename",
        "#=qNZVIIdU4QECigaum94nwLctVkDSuRt$X4_IjuFpWVuY=",
        "#=qRACckQ0ejzlKZgeXX_CPJUyKbl7Zu7QfhWW6eMM03VPusMYB8LREfJZQVcTGHBm_",
        "#=qIrsTmpVUMRgxokIHlpGfmLtKeqxo7vQsjSkKUKFpH4k=",
        "#=qt0$GxMKBUHqpa$X5z4IJNA==",
        "#=qEVnoj7wKonGmgnYpK7PNGg==",
        "#=qtz1ayBjdbHAw$ecbWtEnYJXs5RBd798kqoBvIJunFxc=",
        "#=q0M0RRypoNIjajWAugf6WjbxM$GiKS9VjK_mg6sI0TI8=",
        "ClientLoaderForm",
        "#=qqMkZyGiL$PHkYblZrq1S69029tlEdPXkxbM_smmrcRU=",
        "System.Runtime.InteropServices",
        "#=qAlVTP0_ZXWJdoW5RI3VoXQ==",
        "#=q_$06eDx4N3eSJzkchUhbnjKtHnRsckM7I4ZqcwfQO8E=",
        "<?xml version=\"1.0\" encoding=\"utf-8\"?>",
        "#=q_jQLaNdtSDa6ovA0VGw50w==",
        "#=qyNgKOA3iTYvKx8QtBmkDXA==",
        "get_StackTrace",
        "#=q9lvTmS27dN6FAh4mbOnRsQ==",
        "Computer",
        "AceQualifier",
        "#=qdupfYLPCEHNi$xwR52i0Lw==",
        "#=qhRDMBTieg0MID1DJ88eKUA==",
        "#=qj8dHXOkfX1HmIFktLFgFBNrpDhCGGJk0RPJopDOaBy0=",
        "DisableProtection",
        "#=qyGoc_ssbL9RdagmvuBld1Q==",
        "fefefeffe",
        "#=qMoRe_p4fasg7BcMJcnicWw==",
        "#=qsx3W$FQbKM7QI$Z1TXWW5A==",
        "#=qO4hvdkAW0_yOcwEk_VD$lw==",
        "#=qaxeBDkuvv4PncQ$UM0p8ag==",
        "NanoCore.ClientPluginHost",
        "#=qy_aVo5ze7CCnCYXCQvhVBg==",
        "RegQueryValueEx",
        "#=qaRJX6K2L3xhR1w3zuwE79w==",
        "Enter",
        "TargetInvocationException",
        "#=qbNq0eOj9Pw66KrsrDd4qnA==",
        "#=qOTqiIHVN4TWDu4_xhgbifQ==",
        "-)&oN",
        "-7& E",
        "#=qZuX180bPJwK7MhIsqenk34Le3ZCQFFLgmBb4sMlYIpg=",
        "#=q1kCP32T3CbXwL6JS3UekkltOicB4KjO4W45iMQoNvNk=",
        "#=qi1H2yZDbCxvPo0ia9nVnuw==",
        "mscoree.dll",
        "AssemblyName",
        "#=qnOTCmwQWr6BtiNf9ta8BJg==",
        "#=qOWs9MBREWujnaIdYgAI1lg==",
        "DnsRecord",
        "#=qjryTBW16mUfo_ItH9KWoGQ==",
        "sUjT[",
        "#=qSoHRCAcaypsR55EueXBy1g==",
        "#=q0FQ_PiagXHm_B8aG8Ji9Dw==",
        "Compare",
        "#=qRHdMxv5xMrip5nI3eHU3Y52nJ9DhG_ImQVoJh$ooupk=",
        "FormClosingEventHandler",
        "Operators",
        "ReadInt64",
        "#=qNsyg$dsR$GJkSvK2TftGTNPuC8S809j_UmmfNnXTTOo=",
        "psapi.dll",
        "#=q6odj$nz79NlWTFUK6$Vbrw==",
        "#=qzjreg8z0D4BPrx4RxUJBoQ==",
        "BeginInvoke",
        "#=qj9swjNLNpEBN8mkOlVmrOw==",
        "|txmy",
        "#=qRpw30Lh0nfhDryqjhyjikg==",
        "#=q2l$b42bR_hlbzUjQTk6vFw==",
        "#=qWBzgr2CJEoV4DPIbUzdZZA==",
        "#=qWsAxoahmYzeECOO4WB9kTg==",
        "MessageBoxOptions",
        "#=qF4e058OW__NtTzhWOs1UXEJiHrTSwnIZ3q2u9UaLbo49AZaoog8nMfoDeA9BGVvy",
        "get_Connected",
        "System.Runtime.CompilerServices",
        "#=qDJ8UKTQIGM$_7XkvuUdssA==",
        "#=qkbMW3ViV2G4xkJU4KS4XYUwKzC$oNmhjZ49L9c8BrOM=",
        "#=qCPeeDj1tZ3_XePWJJx7FTlBzWHbtSGvCe1Je6nRznW0=",
        "wwwwww",
        "#=q8fYxP$_i6Xk0$6OlSwUHKcvhrevHxLXqXqvszBe9OtM=",
        "Exists",
        "#=q9c$dxNln4J1nxxC7UNVnfSKvSgKS421$zTS6z9ahlusddEno_MZclU7Qbfc$Fyw5",
        "#=qa6Qg4SaIgpIknX0EmOdEQg==",
        "#=qSLl9utb6ViD7fbZHSox8oSv7PZDBMO5b6MBr_gzzHF8=",
        "#=q7wyeNFqtiGUhQt6sicod9g==",
        "#=q4P1tyVDbmSIMgskx0BrPh5ZxjoQy0earrulDSsNhpg8=",
        "#=q4fCxMFfzJ9KgfK61DJRvZ5wDvDfYnqR8bhY6TGq9aRk=",
        "GetFileNameWithoutExtension",
        ".text",
        "#=qg61MaViIt3ErBjuA0N9Xrw==",
        "NanoCore",
        "+# S&",
        "#=q2JCFpXLqGkqf10Rox8zrAg==",
        "#=q3_2_t217j7pS3JjemZNI07w3dukMmHXPSE5$LTnvGS8=",
        "#=qN$clRL1tbKGnARF7__FwJg==",
        "#=qoa807UEkAFejsz9ub3crU9Uahxxj5JIyAtKhnrEn$dU=",
        "IDisposable",
        "#=q6W8MK4LKkww2JvseikWqeA==",
        "SetThreadExecutionState",
        "FileDescription",
        "#=qQCd2OoCcjOFxsuzhZKv2M7$UnAX8JX19NdffDxgtv3I=",
        "WriteLine",
        "#=qZnbTkU5kDU8O8$hMGiNZlQ==",
        "$#%#&#'&98:8;8<8=8>8?8@8A8B8C8",
        "#=q4kUEXPi93MnvgzV6ySNPRQ==",
        "        <!-- UAC Manifest Options",
        "#=qeAvM9D2ZXEFg7Zo1J5PeVA==",
        "Connected",
        "ThreadExceptionEventHandler",
        "#=qqsKAc3v0igxVSmn4Feg8q$1tNTWiqtCBpA_xMlgU$f8=",
        "#=qtkqHWk1kvmO5zt3tTCyF2Q==",
        "CurrentUser",
        "#=q3vPs064Rj1jBOLtFVqV4DA==",
        "#=qYfWGXuhZd0cmWjiCvW2EPw==",
        "_Lambda$__7",
        "Initialize",
        "#=qTKJrybVS3pgV4uZ4KNtp3g==",
        "-,&~~",
        "#=qxybSLhWq6EDNDl0$FuPN8g==",
        "#=qGfiJ4oSCDzJJaNmf22anQw==",
        "#=q5esm6BVWqrzEai7Zgw0cmQ==",
        "advapi32.dll",
        "#=qKXbEtqEIo3E2xdYWIElxIQ==",
        "set_ShowInTaskbar",
        "get_Exists",
        "DiscretionaryAcl",
        "&&*}n",
        "MD5CryptoServiceProvider",
        "#=qiO2giJomMFK1wa5$389nVw==",
        "System.Windows.Forms.Form",
        "TimeSpan",
        "#=qe99VPFgyNENK$KtARK_iPuwvOEw_NRgC00PdG55dmGA=",
        "#GUID",
        "#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=",
        "#=qsY8nKQa1iMT2g$sVoLy8u9jrLGP9DMATpaFjFx3wjNU=",
        "#=qR0v_DeAkzbUr6_Md5tN4PQ==",
        "BuilderSettings",
        "IndexOf",
        "#=qovc0J7K6b9Eq_C0K46rbmg==",
        "#=qoT5qP9FYCI8F5V3gKO7eMg==",
        "#=qzzNUaijPluPyLfyxwDObxw==",
        "MessageBoxIcon",
        "StandardModuleAttribute",
        "Rfc2898DeriveBytes",
        "#=qgAKbtXqj_idozuy66wPGJA==",
        "ReadBoolean",
        "#=qlsj4Kl0M6SYgZMJLZ$QkSw==",
        "#=qFikK0kKzvE4fvbzxpsrllMMR8oLIJtNPAGP1lZZ4prs=",
        "#=qP_nucp5xdFjeAVWRfZ2XfmvYhkwWbeeu3y2fkxvS0yA=",
        "Enumerator",
        "_Lambda$__1",
        "#=qPjPHWXGbaA$51Cna2ZaMpQ==",
        "System.Net",
        "add_Shown",
        "#=qC6KOBEMWwIsQr_847d$S8A==",
        "#=q7YEFsRA19ZrxKTBeL$y0fg==",
        "#=qlFQRS6FW1ex39P1F_VW7Eg==",
        "#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=",
        "#=qXkgpfghvTKDZGlXBGI4x9veQO4JfjF7GW2ECw9$L3EvyKZGOnziwXE2Xr1EkpRwe",
        "Microsoft.VisualBasic.CompilerServices",
        "GetTypes",
        "PtrToStructure",
        "OpenSubKey",
        "#=qwVGSEK8LoRuNWEOYfq8$hq39mmxHzM3pIeoRef7XNt8=",
        "#=q_WoKv7McWxMc2YtmbiVaCw==",
        "dnsapi.dll",
        "#=qVIikDYmLtr_O$2vZcqLhHA==",
        "UnhandledException",
        "#=qonMVJIv_P7bZ29oJ_eSSxA==",
        "#=qChHxg92yH05lHO0u7UrDcPo$UK1nFXIjb2DI3pyR0FE=",
        "TransformBlock",
        "#=qRYSdRGBC6LM4UFJJGQnk7A==",
        "IPEndPoint",
        "RawAcl",
        "#=qNzt$mJakh1Nxv4vDRDjTsa1OVDKMAlRCO__qncxMoXRz8jNE7AWvE0B4WIqANR1p",
        "#=qFlfDskRbjMOXZPvSw2W2UA==",
        "#=qK4wGebauvtmTKO0oAyLFzHLhr9rU3HNJmU_ur7Zop$YvLzV4HzmIQ45YslW_q1Vc",
        "#=qP3lBpu0cs5q3Lf$qXSL7q6szA7E5M9NqMzkAFV6l4CI=",
        "Close",
        "#=qh7diH14jww3Fm9rMJ_jIfQ==",
        "System.ComponentModel",
        "#=qGS6wNk5u54YEpqtjtMFIpQ==",
        "PADPADP",
        "#=qHtuZg55b91a614FmHMsOMQ==",
        "wwwwwwwwwwwwww",
        "#=qp9IgcHwNxIVh4GZl4S2tcJtSz0NII67aXwFNDcdhP63JHe9MNg0kPsAos3IUd98k",
        "get_TotalMilliseconds",
        "get_LocalEndPoint",
        "#=qhbsl5nSqHjmKK5u9FniHoA==",
        "#=qM040QWzx1oySCgUyYWc9zA==",
        ";6$)S>",
        "#=qUvO$SDWQpHm3uJq25yzwvw==",
        "#=q0EPYqANhk$fGDlTztPFu2jRCdUruoFdUMwStI_GHseI=",
        "#=qnIGrpAn2e$qTqbA22$ONbQ==",
        "#=qcyVktfYxc51I1XopnwGNjQ==",
        "#=qRCCuvWFd9_O8CfEZhkJtSA==",
        "#=q37jfceDpvm0BhKQMkpktNw==",
        "#=qd3Itd1ELDPHJxhLvt0y1NQ==",
        "#=q2Sd$5fx_doPt8h$UdBacAA==",
        "#=qdsDfPo0zxdY$R7euM0a_vw==",
        "#=q0uUZuMiILVbPeB$t7lx1a0Is1IW4CfkB9ovgW99kERQ=",
        "get_OSVersion",
        "#=qQrBlfreeUYUGyN3hPOorGA==",
        "!This program cannot be run in DOS mode.",
        "#=qChXzjuiVYrb8OlqJPajoUA==",
        "ProtocolType",
        "#=qnoPzE9XMA8S7X5JX6ycJ7w==",
        "#=qOicuy1VnndMMXIrDqqx3EA==",
        "#=qCeF2tfSXulrE0bbyPxU$1ik7Jf3avSO4FKBmKNH9QLg=",
        "ToInt32",
        "#=qHJMw55fNEVIiKcc4ry0o7_L9hyz3vS4jgKl3KMX8xGg=",
        "_Lambda$__6",
        "RuntimeMethodHandle",
        "Buffer",
        "RuntimeCompatibilityAttribute",
        "#=qPgHNba2TbLgSqrCvG0e5Uw==",
        "#=qcDfNIFv7M2KbeeK2ufHf3w==",
        "#=qxYJIjuXFTjRvt41we4akdH1WN2nLMpesVOXXsYuSrHM=",
        "#=qtDC6IoLr5pnMo1d9qdAc2TBOnWqOdlEZHf8Itbl8cJc=",
        "CompilationRelaxationsAttribute",
        "#=qXIsqrB8Mw2TMQ5$s7oRSIQ==",
        "#=qd7RJPnCy4YddvoQeTJhlwA==",
        "#=qquFMi5Wa$w8aN9GGlN4H1Q==",
        "#=qFZLDtLWdUONY4B_gU_jjJi4BgFANcRLPMuWuQINdRLc=",
        "#=qVcF51voQmyGAgyAUz3313w==",
        "#=q7$Vba9f7UkS7OwkHeUGtrn1ymWXBIMnyiJbrBxyOPBM=",
        "feffeefefa",
        "  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v2\">",
        "CreateInstance",
        "#=qsUsGxFgC$BJaO_$VAtZ1Ug==",
        "#=qsLIORBvLMZm5c5Lb9Cm$GQ==",
        "#=qZhds7a6Pui$KE4m8ht8xuA==",
        "#=qsUdW_kbiEct8_uosknsYUQ==",
        "_Lambda$__9",
        "#=qb8Z0_4AS4r8OSPknVYvDfA==",
        "    </security>",
        "Monitor",
        "#=qxO41EOA8VDczxcMMPD9Hv85pbiPnTbukmYyDI5Z6X8A=",
        "#=qrYH2MBQ1J6Wu3hhoHHVW0JQwxTYC8hYBTLbQIYHNBds=",
        "#=qWkPc$uBFgJrhuimjKXkFcw==",
        "#=qs4p7qYamgHyRCYZsTKM03Q==",
        "#=qXyCbQ53pEXrdqhJ6oXoHqg==",
        "#=qo$DZvhC1PKdsChUToY52NA==",
        "#=qGCYL9FviWCrv0prWZC8VfgL34V_6XyB$buFX2LkjbCg=",
        "#=q5$hUSQAZNmEXcUcvGVFJrlqtw6IWJBy6C7LN$kOmTWU=",
        "b`*&+",
        "`%,h}",
        "UInt64",
        "#=qUZMwlqlTBPLi1iscPEnOdMZqp5jDsQ1UK2Kgux$Yn40=",
        "#=qxOFsoGbvlBlUujyS9g3fPQ==",
        "#=q5WXECfTJPQIQ2JoJDGsf9pTFKCPzQGp3$QlyT_g_ZCY=",
        "-2&~}",
        "Stream",
        "#=qNc0O1YGwS4NhcbB7sgpVgg==",
        "#=qlt$K8Ex4tZEPwTl4RuqGMw==",
        "ObjectFlowControl",
        "DnsQuery_A",
        "#=quRXaU$OHlRs_89kacdiUMQ==",
        "#=qb_soGTESOxGbPyWr9RZjig==",
        "#=qqLNJOrQl$9SirTNF5ZKaLA==",
        "RuntimeTypeHandle",
        "#=qZb1TYPPMMY64aTN2MpcGOQ==",
        "#=q9x6KBL_arYpQC$zFf4pEFQ==",
        "IPAddress",
        "HashAlgorithm",
        "#=qBuMzaVqxpYkDVtTnLpbYyjTfZNKm8_4JkuoFHPxOBFo=",
        "System.Security.AccessControl",
        "Z6-yS",
        "#=q1BpeNGUQvsUFoXPmB6q50A==",
        "RestoreProtection",
        "#=qiY1B9yU2oVkPHxhn$y67SFTP8x1Jb0botGqdUGkdpQg=",
        "Timer",
        "Assembly Version",
        "#=qkxzumuLbzy2O2XsBlM3j$g==",
        "#=qvQfNpqhSbw_$p1TB3UFgJA==",
        "#=qDBRodZmvuO0qLafxHA9KMQ==",
        "#=qrWXrfWfqyzD06oY$LsE9ww==",
        "SendToServer",
        "#=qJEtGIBRUjtEusa67yMyqWQ==",
        "#=qVvEn7vdm6JlvG9koG0JUIQ==",
        "WindowsPrincipal",
        "#=qqReemZdhHj1veATVZbU2_Q==",
        "#=qWfwpJtKOXBFXf_1zpmLUrQ==",
        "Collect",
        "#=q5mGK9suCIiUDZgS_YSrSQg==",
        "ReadUInt16",
        "#=qcp_YDS3uDXZMDFWGeFYphA==",
        "MulticastDelegate",
        "#=qP5B75c4g32E_HsewCKc$Ig==",
        "-*&{c",
        "#=q4kB_KjL2oo8adT7lfnt6ew==",
        "#=qPbvCT$UNIh_DPMt5F02Hyw==",
        "#=qKtJTKEkNf2mJVHcZzSW8iQIcsBglzcJJOkX7V_uB55w=",
        "#=q4o4zrrzr7uOw3pySDBOwZtAOdlhvudqcbIbhABkQfe4=",
        "#=qenWi8guqQrvoGB55djo0ka_844yTmViBn5_Fr2X6HAceO7AJErk_Rh7nfkfqtUbq",
        "LockResource",
        "#=q5fG5Wo3pzujuJKotO2WwDQ==",
        "get_BytesTransferred",
        "GetProcessImageFileName",
        "#=qQbsDS5g6rYgVt4AUW_pPJ8MQlCJBs7uyF9EY8OKREmQ=",
        "#=qyYejfncvZCW4q4y4GEV7QqOL4Aox1NSDqQmcpM4TQVA=",
        "#=q0f150kYsIx0s3raR3xq1xQ==",
        "Utils",
        "#=q6ARXRSe2PbSpq5u4_c1Rsw==",
        "#=qpE_mRkS89WMXbQTdLD7bwp4pTt2zrWY_WBF1BLz1fes=",
        "GetEntries",
        "#=qtussAh$DpHFmu7sm9TXJyZsrjeJ6Xm9c2y22v4wQG2s=",
        "StackTrace",
        "#=qc3tkHe_7v$eGA2x6krh72Q==",
        "ClientSettingChanged",
        "Registry",
        "ProcessStartInfo",
        "#=qXzCb60v8h3v0rPCrGf606Q==",
        "#=qvvhgGCgMlZiK63M2bP1Kcg==",
        "#=qpaOobmVTnUS0322VEUTQd53tn4HeMWSoV2XuTUOmp6U=",
        "#=qCQ9vY8iVniiFr_C0wuoMFHQgjJIll0MjoDGXuPo1hYk=",
        "#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q",
        "HostDetails",
        "#=qwWiTcboLi4zF4ycKWLBprqWhuc6ZDNNDjC8OE8DG1$c=",
        "#=qFTBwGADWl13TibdOa5ODk_Y2qcfMGC4lp4rhrZcE84kZNE6dU4EqEk2ZYKuJAWo9",
        "#=qK7tJUw5nsLE_rt2JHgqYI6_vH0s$mFFB1QifRuMCr34=",
        "#=qKwlvi80KuDBelBsvucNuhRsqXRtqCfWqVH1dUPmd6_o=",
        "#=qzI8efPARogp2CZcGB2UtfAz2tJs0A4fM9fKvuTKYqi8=",
        "-!&o/",
        "#=qphSRC1xHjYarc$NSFAVMID1iP8dwbr6BCaxyrkptDP0=",
        "#=qPYtEwg1BZk5tP9KKNl$36tqIdWilqjeWcpWKL2Zxnug=",
        "#=qmTxGiMA05lTEtoPPV6RFOih4DYS0uxrxPO4vA1H2j6U=",
        "#=qRNkKSXdFDcR_p8Jbzx9WJQ==",
        "IClientUIHost",
        "#=qGvpT_A2MS3Oi797y6jojBg==",
        "#=q0xixHwSTS$a9x5dtNZccvebVLuO4euYOepae9m2S64s=",
        "#=qSJci08l8EqyD9KF0joWzSA==",
        "]\"Q+a-Y6I",
        "afeffefeeffe",
        "#=qYKspnFhL3rrV8a6zSvXJWA==",
        "#=qzAgp3UwWT0075L6Sh4PfZA==",
        "ReadBlockData",
        "AddMinutes",
        "#=qDJ4yS7fCDfIiEVFkwyEE6G3$$73HwRgy2_eKZUkxaSo=",
        "-\"&~k",
        "#=qhE2P2k46jiSSjO86g3nB1MkLGC9_3avDpI7iYbUHr5g=",
        "#=q98hMbgVf4fBR3MKeaM4uQI$YRLQdIr1biYYF5369cW8=",
        "#=q5bws5LlHvLK62TcSJadQTw==",
        "#=qP9qYgJs5_O2GP2pI$ho4ZSa8wQkwNQEBMg8VjNRrUWE=",
        "#=qQkx1bBZns8hPde7$PcvfUl2fAairj6t_H8ve7nJO2s3BIB3t7PXd4ZR9h0JHyxrX",
        "ToArray",
        "#=q9LcncGbDdZaeonfU3943IQ==",
        "#=qhufLjssUmkN_mXHuWOXl8gUDxidnVdWY$tHhp2HS0ic=",
        "#=qJpz_ygP5AiHfhtTxRulSsw==",
        "#=qtNbB44E34Ui_i5yJYQ5ntw==",
        "#=q752iy7NeRDzz3UAYRlXXfQ==",
        "get_MetadataToken",
        "#=qAbQ42UrUbGpmkYA2zun7Tg==",
        "#=qFY80y4KcMQywRNP$ttVIXw==",
        "        -->",
        "#=q2LHISsr6oVwPjyrC2AFTD2_CdAouK60pDkoTs0efRSU=",
        "get_Item",
        "UInt16",
        "#=qN6ip4UNq3TKArPG3ZZy$zw==",
        "get_Now",
        "#=qLEtx_37WeiIPQPYSN8vY0qTNiL_L6nA6vkFQwNlcU2Y=",
        "FormWindowState",
        "Delete",
        "ClientUninstalling",
        "#=q6OqJPhANvYfkdc5uh_IKsUbLoI4zVFCxs4fpu7Vxr_U=",
        "affefeeffe",
        "#=q7uQjJN4fKJgs403tXnERFbQ1VWp3FBsMW_1ZAWZtc1g=",
        "#=q_0gCRmXint4znUKVJR_bzg==",
        "#=qBk9t7p9S5R095rOkFdE8GQ==",
        "#=qT9sog7FujhNJZHxxUXVGPg==",
        "#=qYhk_OkZkBWola80M6EUqow==",
        "#=q74AbaKJhduohKQ4YDrC28g==",
        "    </dependentAssembly>",
        "#=q2n0wwv9OpsrMrxVUVHoqGw==",
        "#=qVxXNKnhAcArgJoGGYXiyyQ==",
        "#=q8WaW5L3_NY3KPDRN6V9mCI08mHUZbTcARcexWvaAL6A=",
        "String",
        "#=qxe_BfLLMHqYa_KBeLsRfpw==",
        "GetObjectValue",
        "#=qWNtQAckY3EoQ$HeRpEQ9MEcj4oiFXpw6QZThgsGNZIA=",
        "#=qscQJIcBkI9VH8bZTZtABeA==",
        "#=qXULhMbqiur_al62NrjaiXWJ8rme0bKMO8KkV356NZwk=",
        "<generated method>",
        "#=qalo3zYdlWWh$dYSx9JnNrw==",
        "ContainsKey",
        "#=qKaOsg8ghd7KyYDCm3RhDg9KJrf7McwaH92TdOJzSw6s=",
        "#=q60UcvJzzgao2Rv_stV3rQhhxCdm95L1Gb83mKGH1VxQ=",
        "#=qHauijmh2nJ5kHO6fTYBnJFZKkfzkWt5gB4mYS5OLOVc=",
        "#=q2c1dOwAlqEVK063i13$4Vg==",
        "-0&sY",
        "#=qcMb6hxBpdyTwCjvpzaQcC5dS3wbplPqOta7ERz_lMIo=",
        "IEnumerable`1",
        "#=qfLFZgbR_r0GETPSprP6O9w==",
        "#=q3$9MQ9O56ldzMJGDeTdBZw==",
        "ToInt64",
        "#=qkgpjO3I2rdg6Il4nyqzgDw==",
        "#=qSbcOBh8Kf7zb$IciDxPlGw==",
        "#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=",
        "#=qKU0J1fiP8KA33eFK1owekQ==",
        "Console",
        "#=qsR25pLrAgwps$DwdB_BuUbMipiUFFEDkypROuvRRPj4=",
        "#=qKi0KrAcAGUOMcS5S$2tJyg==",
        "#=q5grPwgEurSn6KutVLS5_oPClPR_aCEdSRk5nKP5bDm4=",
        "#=q8VTskDJ5TyHJcDeWmklddw==",
        "#=qbn24Ox5i732BM_T_R4Q3RtK1pEoSIYmxE9Rba9DDKEA=",
        "SizeofResource",
        "#=q2WFu5tRyicebO6UkQga8SbXrngw5YigfLTTVJqQy1qI=",
        "BaseCommand",
        "System.IO.Compression",
        "      <!-- If your application is designed to work with Windows 8.1, uncomment the following supportedOS node-->",
        "#=qwSqLSPEuM8lJy4sOeuH92YjPodcLquqdG$OodozwC60=",
        "Transmission",
        "StackFrame",
        "#=q8d8q1KZbTCKTAZreko1Lug==",
        "#=qgW$Sn0ALOASuZcEZHxiZDaj3mNXTljqLa5onSc7M0U0=",
        "get_Key",
        "Intern",
        "PipeCreated",
        "-,&~C",
        "#=q7b0FP8eSMCctHkHIxEb12w==",
        "#=qG5YZbexfSlZk_cwFxKFh4HaY$Krp4rK2HdCH8OIs4EI=",
        "LogClientMessage",
        "#=qEqEPF0jj3sUIryvQNEKKCV9boaHFZuHXMROqSn28L3g=",
        "#=q9iu_XWrg9WTOw3hVDQcP8ZcABJLoMYtAY0HfRbaBN24=",
        "#=qdDrSQoelY6gHzRt_ma5NQg==",
        "add_ThreadException",
        "AssemblyProductAttribute",
        "#=qwBDUI_NSPNLYbPH4gy$3uQ==",
        "#=qsWAbPBa1yptbB97zoAjeSA==",
        "get_Length",
        "#=qc7QknLi4DrEENw9hVJyfaw==",
        "VariableChanged",
        "#=qN76bQl1CQ6EpIJzS4bbSnw==",
        "#=qA32zcbPIWwOaURCE8zDGfw==",
        "#=qqROT7DfncW7strhZvp0iRQ==",
        "FileInfo",
        "ConstructorInfo",
        "#=qqnp3i0xG3gb2LwEmwQLB8NQerATuB2G0aH1k$$26lgk=",
        "Change",
        "get_BinaryLength",
        "#=qbWN2780y2PKcyDt_4uktmA==",
        "DialogResult",
        "#=q6wR5WMLGkL9afTpqmWsw9g==",
        "MessageBoxButtons",
        "Activator",
        "#=q48p8EJcbwRuSJ9efJfzTZ7uyOBVlFQpnFVv30w93EJA=",
        "get_IsEnum",
        "#=qrmavK4kbgFTgX3_IUlEoRw==",
        "#=qoygY$KIlhsLDneTXkJ_L9A==",
        "#=qhPbzHXREadcUSl6d6LhVYw==",
        "#=qVCHxDTr$$bwFMb6i9vBKRZciaa69edA3gsLNOty0RAzCorWRBUh2v0PgySYBEvZ0",
        "#=qgN8fDYnB$J$X9QGGYQsYuvA6BpDT4GE_ca7JiOh661Q=",
        "ffeeffefeefa",
        "#=q6NenfQbzQYLSZe2oYrhKsEGeaR69wF$W7VvfZPx7lyg=",
        "VS_VERSION_INFO",
        "#=qtRuLPG6CownVXpQS2Jma6EmxR$R$u15FKPRjOSzCUIw=",
        "-*& r ",
        "#=q6k7flm9GMlPIija7ZH1xJg==",
        "UnhandledExceptionEventArgs",
        "#=qbLBIoIXYNfJl3x9LHqBWNA==",
        "#=q9RHjNFjnLkbqjNKidtUNeAGLmByWXgbKwjLfhcq9NOc=",
        "List`1",
        "AssemblyCopyrightAttribute",
        "#=q0U3u45cUl83Kicjfx0RmVA==",
        "#=q9T406SLBpfhYfDTkCrB28g==",
        "#=qO0bmWYqIZnaB7Udo1OTvUuiP36Q9Z_7hz6URm1Yr1hM=",
        "#=qibDx9sEkAVZroec7HmNu4g==",
        "4System.Web.Services.Protocols.SoapHttpClientProtocol",
        "#=q6V4Kle56uZFNUY$zkrrKJQ==",
        "ToByteArray",
        "ICryptoTransform",
        "#=qzDzg9a$HVGG1G5cdhqbdwO3OG_SFijGXN8Towa37$TQ=",
        "#=qd4_A7Y1qGQ8QAgHfK8_ssQ==",
        "#=q3qYAJGveL_cxux6_2m4Vaw==",
        "TryParse",
        "#=qDB62T9X0iP_6WNTXOuwQnA==",
        "PipeClosed",
        "#=q8eJA0L4q0RMnuOJCvpFj3133vZRxVnxvHST9vysUWYQ=",
        "Array",
        "Microsoft.VisualBasic.ApplicationServices",
        "#=qpQiSeXaCc6qGNX49vDbcMYyzv_UpV$YoUyrH0l6FW6Q="
      ],
      "virustotal": {
        "error": true,
        "msg": "VT File lookup disabled in processing.conf"
      },
      "executed_tools": [
        "overlay",
        "msi_extract",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 0,
      "cape_type": "NanoCore Payload: 32-bit executable"
    }
  },
  "detections": [
    {
      "family": "NanoCore",
      "details": [
        {
          "Yara": "9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8"
        }
      ]
    }
  ],
  "procdump": [
    {
      "name": "99965b28430cda4b41bd51229c63525f57ed47035053fb8842a7ebb78bfa02c1",
      "path": "/opt/CAPEv2/storage/analyses/44/procdump/99965b28430cda4b41bd51229c63525f57ed47035053fb8842a7ebb78bfa02c1",
      "guest_paths": "1;?C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe;?",
      "size": 16384,
      "crc32": "CC5CA98B",
      "md5": "b22d91a0519c27ad940c8cfbb9ae422e",
      "sha1": "98494132ae73b8aa6c5b28757c87dbfe58c9a7fa",
      "sha256": "99965b28430cda4b41bd51229c63525f57ed47035053fb8842a7ebb78bfa02c1",
      "sha512": "17860b2f77207c7913651effdbc824f9e25bb87869ef57b55d3ff41727f45455ccb0d4b633a597cb00673b33beff15e5117aad94e7e9fee2a04d2cb420dea64e",
      "rh_hash": null,
      "ssdeep": "96:wg9kWI4uq5A3ojWNta1FYcHeUYsTKWa2:wB4tARszYcHeUZ",
      "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
      "yara": [
        {
          "name": "IsPE64",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsWindowsGUI",
          "meta": {},
          "strings": [],
          "addresses": {}
        }
      ],
      "cape_yara": [],
      "clamav": [],
      "tlsh": "T10E72DA1351DE3DE6E0B816703B7787D2C72DEE160612C56E75D83929EA7D283BA423C8",
      "sha3_384": "4766fd6df3f813fec1759cb570e7d3525a45ed82fe1e06e3b14bde4e2c82fa123a5327e901352f0141bc4a21e83048d6",
      "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
      "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "pe": {
        "guest_signers": {
          "aux_sha1": null,
          "aux_timestamp": null,
          "aux_valid": false,
          "aux_error": true,
          "aux_error_desc": "No signature found.",
          "aux_signers": []
        },
        "digital_signers": [],
        "imagebase": "0x00400000",
        "entrypoint": "0x0001e792",
        "ep_bytes": "",
        "peid_signatures": null,
        "reported_checksum": "0x00000000",
        "actual_checksum": "0x000094ff",
        "osversion": "4.0",
        "machine_type": "IMAGE_FILE_MACHINE_I386",
        "pdbpath": null,
        "imports": {},
        "exported_dll_name": null,
        "exports": [],
        "dirents": [
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
            "virtual_address": "0x0001e738",
            "size": "0x00000057"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
            "virtual_address": "0x00022000",
            "size": "0x00003ac4"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
            "virtual_address": "0x00020000",
            "size": "0x0000000c"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_TLS",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IAT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
            "virtual_address": "0x00002008",
            "size": "0x00000048"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          }
        ],
        "sections": [
          {
            "name": ".text",
            "raw_address": "0x00000400",
            "virtual_address": "0x00002000",
            "virtual_size": "0x0001e000",
            "size_of_data": "0x00000000",
            "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xe0000020",
            "entropy": "0.00"
          },
          {
            "name": ".reloc",
            "raw_address": "0x00000400",
            "virtual_address": "0x00020000",
            "virtual_size": "0x00002000",
            "size_of_data": "0x00000000",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x42000040",
            "entropy": "0.00"
          },
          {
            "name": ".rsrc",
            "raw_address": "0x00000400",
            "virtual_address": "0x00022000",
            "virtual_size": "0x00004000",
            "size_of_data": "0x00003c00",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x40000040",
            "entropy": "4.21"
          }
        ],
        "overlay": null,
        "resources": [
          {
            "name": "RT_ICON",
            "offset": "0x00022250",
            "size": "0x000002e8",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "1.71"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00022538",
            "size": "0x00000128",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "2.08"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00022660",
            "size": "0x000008a8",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "1.72"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00022f08",
            "size": "0x00000568",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "1.05"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00023470",
            "size": "0x00000353",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "4.05"
          },
          {
            "name": "RT_ICON",
            "offset": "0x000237c4",
            "size": "0x000010a8",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "2.72"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0002486c",
            "size": "0x00000468",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "2.76"
          },
          {
            "name": "RT_GROUP_ICON",
            "offset": "0x00024cd4",
            "size": "0x00000068",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "2.69"
          },
          {
            "name": "RT_VERSION",
            "offset": "0x00024d3c",
            "size": "0x00000264",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "3.27"
          },
          {
            "name": "RT_MANIFEST",
            "offset": "0x00024fa0",
            "size": "0x00000b22",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "5.04"
          }
        ],
        "versioninfo": [
          {
            "name": "Translation",
            "value": "0x0000 0x04b0"
          },
          {
            "name": "FileDescription",
            "value": " "
          },
          {
            "name": "FileVersion",
            "value": "1.2.2.0"
          },
          {
            "name": "InternalName",
            "value": "NanoCore Client.exe"
          },
          {
            "name": "LegalCopyright",
            "value": " "
          },
          {
            "name": "OriginalFilename",
            "value": "NanoCore Client.exe"
          },
          {
            "name": "ProductVersion",
            "value": "1.2.2.0"
          },
          {
            "name": "Assembly Version",
            "value": "1.2.2.0"
          }
        ],
        "imphash": "",
        "timestamp": "2015-02-22 00:49:37",
        "icon": "iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAY0lEQVR4nO3XIQ6AMBBE0YH0eGuAcwKmZ1sLCkHRZUj4o9qaeVmzqfT3DJl5OAGjs1ySynWIiFeLa62SPjABAABK+7Cte9fCeZlud/sEAAAAAAAAADvgsY7bddk79gnwMSH2nLDUDvNx5OJLAAAAAElFTkSuQmCC",
        "icon_hash": "f66c7c86e9ab59ef3f289acd613a3738",
        "icon_fuzzy": "c3ca946d749a15ad18efd3e5d7b0d8f5",
        "icon_dhash": "454545d4d4d44503"
      },
      "data": null,
      "strings": [
        "          version=\"6.0.0.0\"",
        "        <requestedExecutionLevel  level=\"asInvoker\" uiAccess=\"false\" />",
        "1.2.2.0",
        "    </security>",
        "FileDescription",
        "          publicKeyToken=\"6595b64144ccf1df\"",
        "          type=\"win32\"",
        "<?xml version=\"1.0\" encoding=\"utf-8\"?>",
        "VS_VERSION_INFO",
        "            Specifying requestedExecutionLevel node will disable file and registry virtualization.",
        "            If you want to change the Windows User Account Control level replace the ",
        "wwwwwwwwwwwwww",
        "VarFileInfo",
        "LegalCopyright",
        "      <!-- If your application is designed to work with Windows 7, uncomment the following supportedOS node-->",
        "Assembly Version",
        "!This program cannot be run in DOS mode.",
        "      <!--<supportedOS Id=\"{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}\"></supportedOS>-->",
        "            requestedExecutionLevel node with one of the following.",
        "      <!-- If your application is designed to work with Windows Vista, uncomment the following supportedOS node-->",
        "    <dependentAssembly>",
        "    <application>",
        "      <!-- If your application is designed to work with Windows 8.1, uncomment the following supportedOS node-->",
        "</asmv1:assembly>",
        ".reloc",
        "wwwwww",
        "        <!-- UAC Manifest Options",
        "          name=\"Microsoft.Windows.Common-Controls\"",
        "IDATx",
        "        <requestedExecutionLevel  level=\"highestAvailable\" uiAccess=\"false\" />",
        "FileVersion",
        "InternalName",
        "    <security>",
        "B.rsrc",
        "        -->",
        "            compatibility then delete the requestedExecutionLevel node.",
        "        />",
        "000004b0",
        "          language=\"*\"",
        "  <!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->",
        "      <requestedPrivileges xmlns=\"urn:schemas-microsoft-com:asm.v3\">",
        "<asmv1:assembly manifestVersion=\"1.0\" xmlns=\"urn:schemas-microsoft-com:asm.v1\" xmlns:asmv1=\"urn:schemas-microsoft-com:asm.v1\" xmlns:asmv2=\"urn:schemas-microsoft-com:asm.v2\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">",
        "    </application>",
        "          processorArchitecture=\"*\"",
        "Translation",
        ".text",
        "        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\" />",
        "NanoCore Client.exe",
        "OriginalFilename",
        "      <!--<supportedOS Id=\"{35138b9a-5d96-4fbd-8e2d-a2440225f93a}\"/>-->",
        "      <!-- If your application is designed to work with Windows 8, uncomment the following supportedOS node-->",
        "      <!--<supportedOS Id=\"{e2011457-1546-43c5-a5fe-008deee3d3f0}\"></supportedOS>-->",
        "      <!-- A list of all Windows versions that this application is designed to work with. ",
        "  <compatibility xmlns=\"urn:schemas-microsoft-com:compatibility.v1\">",
        "  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v2\">",
        "  <assemblyIdentity version=\"1.0.0.0\" name=\"MyApplication.app\"/>",
        "      </requestedPrivileges>",
        "  </trustInfo>",
        "      Windows will automatically select the most compatible environment.-->",
        "  </compatibility>",
        "StringFileInfo",
        "ProductVersion",
        "  </dependency>-->",
        "  <!-- <dependency>",
        "      <assemblyIdentity",
        "      <!--<supportedOS Id=\"{1f676c76-80e1-4239-95bb-83d0f6d0da78}\"/>-->",
        "            If you want to utilize File and Registry Virtualization for backward ",
        "    </dependentAssembly>",
        "        <requestedExecutionLevel  level=\"requireAdministrator\" uiAccess=\"false\" />"
      ],
      "virustotal": {
        "error": true,
        "msg": "VT File lookup disabled in processing.conf"
      },
      "executed_tools": [
        "overlay",
        "msi_extract",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 1,
      "cape_type": "",
      "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe",
      "process_name": "client.bin.exe",
      "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe",
      "pid": 4156
    }
  ],
  "dropped": [
    {
      "name": [
        "run.dat"
      ],
      "path": "/opt/CAPEv2/storage/analyses/44/files/d4e5529ed64ebb991b5a32765ae1de0f5bfc5d583e404caa50b4679a73cdca4c",
      "guest_paths": [
        "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6\\run.dat"
      ],
      "size": 8,
      "crc32": "23473229",
      "md5": "7b298d1794ca9811af968a0bf13983d1",
      "sha1": "7296a7545de01c3ec9c3708b15d38f6dc89735f0",
      "sha256": "d4e5529ed64ebb991b5a32765ae1de0f5bfc5d583e404caa50b4679a73cdca4c",
      "sha512": "72d148e62638ab0658ef5551832c17a8fa6100dd9a6daa82f4c9a1a58abd8a66d56dc7683d52672e71d7f8eadebaa871230c8418b0ddb4577c8b24f34ce564b7",
      "rh_hash": null,
      "ssdeep": "3:gp:S",
      "type": "Non-ISO extended-ASCII text, with no line terminators",
      "yara": [],
      "cape_yara": [],
      "clamav": [],
      "tlsh": null,
      "sha3_384": "397c310d0d6ae5d60ce865a64fb7a6995899102b3986f9da3a11ed071e1b017015a55a0ac5770665dab0e3cbbe3746cc",
      "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
      "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "data": ";TIóÞH",
      "strings": [],
      "virustotal": {
        "error": true,
        "msg": "VT File lookup disabled in processing.conf"
      },
      "executed_tools": [
        "overlay",
        "msi_extract",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 0,
      "cape_type": "",
      "pid": 4156
    }
  ],
  "CAPE": {
    "payloads": [
      {
        "name": "99b3e78e7a66a3d3a215c643e1ea1be08b03a9ffeaa6492d882c6521e7882a5f",
        "path": "/opt/CAPEv2/storage/analyses/44/CAPE/99b3e78e7a66a3d3a215c643e1ea1be08b03a9ffeaa6492d882c6521e7882a5f",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe;?0x00007FFE4B190000;?",
        "size": 333,
        "crc32": "1669B1FB",
        "md5": "3c3bc8deaf69f8b6df89872b07eb8350",
        "sha1": "ecaf5537f6d13f505bff2eb36d934d23099b1f23",
        "sha256": "99b3e78e7a66a3d3a215c643e1ea1be08b03a9ffeaa6492d882c6521e7882a5f",
        "sha512": "cea414a9a17e1a6c9a96ec8ef19be159690ca850dea51ebaaecaed70643e4503b7b1385b6839b9df4f62007cf773686d3a71eff34eb40f6629c766860213de50",
        "rh_hash": null,
        "ssdeep": "3:OjtlkXlflyH+M/lslmobKQl2lEubaHOPbaSftuDK/Kla/rKdDK5D/h3utNBihBmF:/1etERbtcEU9jaCtY4yqrkDEZyTfN",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T18EE012B38B0CBB0BC028DD30838AB23F02E2E120839283329827000819820200A75B13",
        "sha3_384": "ab864ff79d98159672075f124648d6d410a769523ce3309fa5da721adcc5b45bc33b8ba8682e78bf7e05e84ac805583c",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe",
        "process_name": "client.bin.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe",
        "pid": 4156,
        "virtual_address": "0x00007FFE4B190000"
      },
      {
        "name": "65aa04b90a5b71c3806a1f1b566f76a55789463379c782d4f2ae49bb19d1ec9d",
        "path": "/opt/CAPEv2/storage/analyses/44/CAPE/65aa04b90a5b71c3806a1f1b566f76a55789463379c782d4f2ae49bb19d1ec9d",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe;?0x00007FFE4B210000;?",
        "size": 520,
        "crc32": "74808CEF",
        "md5": "9a19bfa2ad865ae48663296e520753b1",
        "sha1": "9ad2bc8c646f9889b8244d81dea60256b06921d8",
        "sha256": "65aa04b90a5b71c3806a1f1b566f76a55789463379c782d4f2ae49bb19d1ec9d",
        "sha512": "e89e733e3369106c032508384db29436541be1e39a4c2e8f0af097da0a47792567479233c7437ce14ae38286a6e1788202d86f1cf9c587ff02c3bfd4e38a6a31",
        "rh_hash": null,
        "ssdeep": "12:ZsgiV0l0t01R74Iktt9NsX0iV0l4t01R74IERzt9NsQg:ZiS0S1RKtnOX0iS4S1RGznfg",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T14BF0E5370B75DC4DE366547523D25B91DFE9E2718212D787033D41478DEC02A1B6C385",
        "sha3_384": "4e6939f0fa521b6f61254baf499301a5b4b7c5c685c279af59072db01f225906122191d65757c903796c35ee581a318c",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe",
        "process_name": "client.bin.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe",
        "pid": 4156,
        "virtual_address": "0x00007FFE4B210000"
      },
      {
        "name": "327c9f19cf38c1d2fab9c18d31cdb19c7f3aa32cb9fc1152bf3028085894e47a",
        "path": "/opt/CAPEv2/storage/analyses/44/CAPE/327c9f19cf38c1d2fab9c18d31cdb19c7f3aa32cb9fc1152bf3028085894e47a",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe;?0x00007FFE4B250000;?",
        "size": 39078,
        "crc32": "9A1FD897",
        "md5": "e71c9d244d76719c3d1fee90cb5b70f2",
        "sha1": "9b230dc6e62f3f1697ae47d5425b39ea530cee19",
        "sha256": "327c9f19cf38c1d2fab9c18d31cdb19c7f3aa32cb9fc1152bf3028085894e47a",
        "sha512": "9a71f358d60dfdf4ee0d49f9a222d40659ecd86409ebdbc12b0deff4cb85c9ee01bd6f76ac39ce97a2fbbbb4fed2f0c023732a4ef7962817be8e370a37c0ab5d",
        "rh_hash": null,
        "ssdeep": "768:rjMNyIIgWuCMWeua9VWkdnA0e0dGp+BnukjEUv0L6ug5R9:KEBuvWeu+HdnY0dGp+BnukjdG6ug5R9",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T12103607AEB41AD22F138AD705BCAA7B011F267A873B8833037357539ED6628D1D2C744",
        "sha3_384": "166d913aae830d45455da12227183dfe4fe00334f8af79a412463a81f20345535f73f995823c65047cfc25de155efa34",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [
          " x8#K",
          " @!#K",
          " P##K",
          "Px*%K",
          "@pv%K",
          "@8-%K",
          " h0#K",
          " X##K",
          " P7#K",
          "@H7%K",
          "@x*%K",
          "mscorlib.resources"
        ],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe",
        "process_name": "client.bin.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe",
        "pid": 4156,
        "virtual_address": "0x00007FFE4B250000"
      },
      {
        "name": "3b58e32c41dcc6be123c5c0b7921a0aceae65c94c5654d25d3e15268dbd480e9",
        "path": "/opt/CAPEv2/storage/analyses/44/CAPE/3b58e32c41dcc6be123c5c0b7921a0aceae65c94c5654d25d3e15268dbd480e9",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe;?0x00007FF40DEF0000;?",
        "size": 70,
        "crc32": "53C92F28",
        "md5": "dabf7d84fdc2bf07a4849ccf50a1bdda",
        "sha1": "ad1c3eac90bfca76f295d49ca81144bac0e406e6",
        "sha256": "3b58e32c41dcc6be123c5c0b7921a0aceae65c94c5654d25d3e15268dbd480e9",
        "sha512": "97a9c483dbdac76f507f88ecdd4f0921a25626a3ea8513980592bb2a0e2f721942e174c63ca5d4324fc6eed101f6c9491553dc9f47eaf0ec80b582a993723467",
        "rh_hash": null,
        "ssdeep": "3:XRaLmlttlyZfloa:BaLStXYOa",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T1D3A002371205C544FC50103D07649160020EDCA4021D05637904F615093848D9D2C9D4",
        "sha3_384": "dace721fe76af4db6f7ff9673b654da76d2f25433a1c99b59f1963da790a662a7c7176f4b4b44fd62b34c240d1bdbb9d",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe",
        "process_name": "client.bin.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe",
        "pid": 4156,
        "virtual_address": "0x00007FF40DEF0000"
      },
      {
        "name": "5b41846fe61a7f7bcacf175fb8841f9f6aa7dc514706d30f45f5bce2578f7ed7",
        "path": "/opt/CAPEv2/storage/analyses/44/CAPE/5b41846fe61a7f7bcacf175fb8841f9f6aa7dc514706d30f45f5bce2578f7ed7",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe;?0x0000000002850000;?",
        "size": 16378,
        "crc32": "73155448",
        "md5": "18cbdc5a941dc7e2010c0ee4bb33eb17",
        "sha1": "f9d9783973ffe6fa3b325e16c44c7db4110184b2",
        "sha256": "5b41846fe61a7f7bcacf175fb8841f9f6aa7dc514706d30f45f5bce2578f7ed7",
        "sha512": "107f16ff766617b69a8ac98a2294020bcf2f582894c6cf37862b5b4822468231a727b063a425d7d5ecefda82d85b94c466adc6cdf2063ca58639d4c741d673a0",
        "rh_hash": null,
        "ssdeep": "24:g1a163lTlci6sQtCOtUtJrr4k3fPdJVm2O1Mq66a:Mdu1C7IcXV5z",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T10772B4007B77D0A1CB22D5766B42CA95BB72E664AF3803C3F2502BF52DBB6024936380",
        "sha3_384": "99ab1f7cec5f228b847717111081f2da90f2f182d10f6a13fe5e7c4bf7860a07762f1b6d9abd11dfc6644b46da8044ce",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [
          "J sbc"
        ],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe",
        "process_name": "client.bin.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe",
        "pid": 4156,
        "virtual_address": "0x0000000002850000"
      }
    ],
    "configs": []
  },
  "info": {
    "version": "2.5",
    "started": "2026-04-16 23:04:16",
    "ended": "2026-04-16 23:09:13",
    "duration": 297,
    "id": 44,
    "category": "file",
    "custom": "",
    "machine": {
      "id": 37,
      "status": "stopping",
      "name": "win10x64",
      "label": "win10x64",
      "platform": "windows",
      "manager": "KVM",
      "started_on": "2026-04-16 23:04:16",
      "shutdown_on": "2026-04-16 23:09:12"
    },
    "package": "exe",
    "timeout": true,
    "tlp": null,
    "parent_sample": {
      "id": 23,
      "file_size": 13850813,
      "file_type": "7-zip archive data, version 0.3",
      "md5": "a17189d956c6d1975717256a6e6418cb",
      "crc32": "97AFA081",
      "sha1": "970e16de1d07a90dd285e84b59c0a77e8992ed9f",
      "sha256": "f9cef6944196d5d27ca99a9c6287d9718b658add797e9cb770789a0c4dbf2bcd",
      "sha512": "3105fa5d4d6914fe69f4d4ab9e517eab55d225bbdfa199f37f3c9f103805b1b5c587fe5e985a87ea60e2e7d511a0f872619343014233791ef63859130065e9f1",
      "ssdeep": null,
      "source_url": null
    },
    "options": {},
    "source_url": null,
    "route": "",
    "user_id": 0,
    "CAPE_current_commit": "a9a0887dab232f52c59e955b9984dd494c47ce6b"
  },
  "behavior": {
    "processes": [
      {
        "process_id": 4156,
        "process_name": "client.bin.exe",
        "parent_id": 3592,
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe",
        "first_seen": "2026-04-16 20:05:39,368",
        "calls": [
          {
            "timestamp": "2026-04-16 20:05:39,868",
            "thread_id": "812",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeef23abd0"
              },
              {
                "name": "Parameter",
                "value": "0x0088d000"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-04-16 20:05:39,868",
            "thread_id": "4500",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-04-16 20:05:39,868",
            "thread_id": "4500",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeabf2d6c0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-04-16 20:05:39,868",
            "thread_id": "1060",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b9c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-04-16 20:05:39,868",
            "thread_id": "1060",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-04-16 20:05:39,868",
            "thread_id": "1060",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeabf2dad0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-04-16 20:05:39,868",
            "thread_id": "4564",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-04-16 20:05:39,868",
            "thread_id": "4564",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeabf2dcf0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-04-16 20:05:39,868",
            "thread_id": "7644",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b9d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-04-16 20:05:39,868",
            "thread_id": "7644",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-04-16 20:05:39,868",
            "thread_id": "7644",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeabf2db90"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef25b2aa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef292000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefc5e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd720000"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefc5e3321",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefd720000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef25b667",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736010"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef25b2aa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef292000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffeef247295",
            "parentcaller": "0x7ffeef2312f1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\Policy\\"
              },
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef25b2aa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef292000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef25b667",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryInfoKeyW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736560"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef25b2aa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef292000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffeef246e07",
            "parentcaller": "0x7ffeef2472b1",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001f0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "6"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "9"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef25b2aa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef292000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef25b667",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegEnumKeyExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd735a20"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef25b2aa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef292000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffeef246e78",
            "parentcaller": "0x7ffeef2472b1",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "v4.0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\v4.0"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffeef246e78",
            "parentcaller": "0x7ffeef2472b1",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "v2.0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\v2.0"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffeef246e78",
            "parentcaller": "0x7ffeef2472b1",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "Upgrades"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Upgrades"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffeef246e78",
            "parentcaller": "0x7ffeef2472b1",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "standards"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\standards"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffeef246e78",
            "parentcaller": "0x7ffeef2472b1",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "Servicing"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffeef246e78",
            "parentcaller": "0x7ffeef2472b1",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "AppPatch"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\AppPatch"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffeef24736d",
            "parentcaller": "0x7ffeef2312f1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000001f0"
              },
              {
                "name": "SubKey",
                "value": "v4.0"
              },
              {
                "name": "Handle",
                "value": "0x000001ec"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\v4.0"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffeef247076",
            "parentcaller": "0x7ffeef247397",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001ec"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "1"
              },
              {
                "name": "MaxValueNameLength",
                "value": "5"
              },
              {
                "name": "MaxValueLength",
                "value": "24"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef25b2aa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef292000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef25b667",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegEnumValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736aa0"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef25b2aa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef292000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffeef247124",
            "parentcaller": "0x7ffeef247397",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ec"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "30319"
              },
              {
                "name": "Data",
                "value": "30319-30319"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\v4.0\\30319"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef25b2aa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef292000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef25b667",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegCloseKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736af0"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef25b2aa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef292000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffeef2473ba",
            "parentcaller": "0x7ffeef2312f1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ec"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-04-16 20:05:40,040",
            "thread_id": "812",
            "caller": "0x7ffefc5dc045",
            "parentcaller": "0x7ffeef23bd65",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\MSCOREE.DLL.local"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffeef23b9b8",
            "parentcaller": "0x7ffeef23beca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x000001ec"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef25b2aa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef292000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef25b667",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd735ff0"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef25b2aa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef292000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffeef23b9eb",
            "parentcaller": "0x7ffeef23beca",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ec"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffeef23ba4e",
            "parentcaller": "0x7ffeef23beca",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ec"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffeef23ba64",
            "parentcaller": "0x7ffeef23beca",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ec"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffefc5e147c",
            "parentcaller": "0x7ffeef2507e1",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00b85800",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x51d5aa91"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d8c32f"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffefc5c777d",
            "parentcaller": "0x7ffeef2507fa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ec"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffeef2475bc",
            "parentcaller": "0x7ffeef2312f1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffeef23b9b8",
            "parentcaller": "0x7ffeef23beca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffeef23b9eb",
            "parentcaller": "0x7ffeef23beca",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffeef23ba4e",
            "parentcaller": "0x7ffeef23beca",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffeef23ba64",
            "parentcaller": "0x7ffeef23beca",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffefc5e147c",
            "parentcaller": "0x7ffeef2507e1",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00b85320",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x51d5aa91"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d8c32f"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffefc5c777d",
            "parentcaller": "0x7ffeef2507fa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffeef23b9b8",
            "parentcaller": "0x7ffeef23beca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffeef23b9eb",
            "parentcaller": "0x7ffeef23beca",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffeef23ba4e",
            "parentcaller": "0x7ffeef23beca",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffeef23ba64",
            "parentcaller": "0x7ffeef23beca",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-04-16 20:05:40,056",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeef24174a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei"
              },
              {
                "name": "DllBase",
                "value": "0x7ffeef080000"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeef0871f9",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefc5b0000"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeef0871f9",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefc5b0000"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeef087265",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefc5b0000"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeef087265",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefc5b0000"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeef087265",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-l1-2-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefc5b0000"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefc5e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd720000"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeef24174a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef080000"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeef24174a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffeef080000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef23136d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterShimImplCallback"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef081f20"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef231386",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterShimImplCleanupCallback"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef23139f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "SetShellShimInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef2313de",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "OnShimDllMainCalled"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef0811b0"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef23ac86",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "_CorExeMain_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef23acd2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "_CorExeMain"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef088b90"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5dc045",
            "parentcaller": "0x7ffeef0884cb",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\MSCOREE.DLL.local"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffeef0885ef",
            "parentcaller": "0x7ffeef086f3d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x000001e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffeef086f6a",
            "parentcaller": "0x7ffeef085430",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffeef086fc7",
            "parentcaller": "0x7ffeef085430",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffeef086fd7",
            "parentcaller": "0x7ffeef085430",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5e147c",
            "parentcaller": "0x7ffeef08276e",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00b85c20",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xc881410f"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acde"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x7ffeac1b6250"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\clr.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeef089173",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e4"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeef089173",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e4"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffefc5c777d",
            "parentcaller": "0x7ffeef0862c0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-04-16 20:05:40,196",
            "thread_id": "812",
            "caller": "0x7ffeef08d430",
            "parentcaller": "0x7ffeef0868a5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-04-16 20:05:40,212",
            "thread_id": "812",
            "caller": "0x7ffeef08d482",
            "parentcaller": "0x7ffeef0868a5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x000001e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-04-16 20:05:40,212",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef0896ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef127000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-04-16 20:05:40,212",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefc5e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefc9f0000"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-04-16 20:05:40,212",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefc5e3321",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefc9f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-04-16 20:05:40,212",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef085cec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefc9f0000"
              },
              {
                "name": "FunctionName",
                "value": "UrlIsW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefc9f6c30"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-04-16 20:05:40,212",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef0896ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef127000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-04-16 20:05:40,212",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x7ffe00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-04-16 20:05:40,227",
            "thread_id": "812",
            "caller": "0x7ffeef0885ef",
            "parentcaller": "0x7ffeef08d09e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x000000d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-04-16 20:05:40,227",
            "thread_id": "812",
            "caller": "0x7ffeef08d0cb",
            "parentcaller": "0x7ffeef084e88",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              },
              {
                "name": "ValueName",
                "value": "UseLegacyV2RuntimeActivationPolicyDefaultValue"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-04-16 20:05:40,227",
            "thread_id": "812",
            "caller": "0x7ffeef08d118",
            "parentcaller": "0x7ffeef084e88",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-04-16 20:05:40,227",
            "thread_id": "812",
            "caller": "0x7ffeef0885ef",
            "parentcaller": "0x7ffeef08d09e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x000000d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-04-16 20:05:40,227",
            "thread_id": "812",
            "caller": "0x7ffeef08d0cb",
            "parentcaller": "0x7ffeef084e88",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              },
              {
                "name": "ValueName",
                "value": "OnlyUseLatestCLR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\OnlyUseLatestCLR"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-04-16 20:05:40,227",
            "thread_id": "812",
            "caller": "0x7ffeef08d118",
            "parentcaller": "0x7ffeef084e88",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-04-16 20:05:40,227",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-04-16 20:05:40,227",
            "thread_id": "812",
            "caller": "0x7ffefc617d77",
            "parentcaller": "0x7ffeef0ad146",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001fc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x02\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-04-16 20:05:40,227",
            "thread_id": "812",
            "caller": "0x7ffefc5e1e71",
            "parentcaller": "0x7ffefc5e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000200"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000001fc"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-04-16 20:05:40,227",
            "thread_id": "812",
            "caller": "0x7ffefc6147e6",
            "parentcaller": "0x7ffefc6146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000200"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ca0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007eeb30"
              },
              {
                "name": "ViewSize",
                "value": "0x00021000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffeef0bfa79",
            "parentcaller": "0x7ffeef0be4e2",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeef0ad2a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffefc618e13",
            "parentcaller": "0x7ffeef0ad2c0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ca0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeef0ad2db",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000200"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000200"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffefc617d77",
            "parentcaller": "0x7ffeef0ad146",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000200"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x02\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffefc5e1e71",
            "parentcaller": "0x7ffefc5e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000200"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffefc6147e6",
            "parentcaller": "0x7ffefc6146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ca0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007eeb30"
              },
              {
                "name": "ViewSize",
                "value": "0x00021000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffeef0bfa79",
            "parentcaller": "0x7ffeef0be4e2",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeef0ad2a3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000200"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffefc618e13",
            "parentcaller": "0x7ffeef0ad2c0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ca0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeef0ad2db",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffeef0885ef",
            "parentcaller": "0x7ffeef092484",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000006",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000000"
              },
              {
                "name": "SubKey",
                "value": "Policy\\Standards"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "Policy\\Standards"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffeef0885ef",
            "parentcaller": "0x7ffeef092484",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000001e4"
              },
              {
                "name": "SubKey",
                "value": "Policy\\Standards"
              },
              {
                "name": "Handle",
                "value": "0x000001fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\Standards"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffeef0885ef",
            "parentcaller": "0x7ffeef0923db",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000001fc"
              },
              {
                "name": "SubKey",
                "value": "v2.0.50727"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\standards\\v2.0.50727"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffeef0924a5",
            "parentcaller": "0x7ffeef098f79",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-04-16 20:05:40,368",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeef088d08",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ffef9e80000"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeef088d08",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-2.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffef9e80000"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeef088d08",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffef9e80000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-2.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef09f484",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffef9e80000"
              },
              {
                "name": "FunctionName",
                "value": "AppPolicyGetClrCompat"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffef9e830a0"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef088d48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffef9e80000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackageId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffef9e83420"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef088d65",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffef9e80000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackageInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffef9e83430"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef088d82",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffef9e80000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackagePath"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffef9e83460"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5dc13e",
            "parentcaller": "0x7ffeef088e58",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000001fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef0896ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef127000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef085cec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736b50"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef0896ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef127000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5eb14b",
            "parentcaller": "0x7ffeef088ebd",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000001fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000000d8"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef0896ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef127000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef085cec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "GetTokenInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736060"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef0896ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef127000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5dac8b",
            "parentcaller": "0x7ffeef088f06",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeef088f33",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeef088f4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffeef0885ef",
            "parentcaller": "0x7ffeef082337",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x000001fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffeef082372",
            "parentcaller": "0x7ffeef087c55",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              },
              {
                "name": "ValueName",
                "value": "NoClientChecks"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NoClientChecks"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffeef08239f",
            "parentcaller": "0x7ffeef087c55",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef0896ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef127000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefc5e3321",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\VERSION"
              },
              {
                "name": "DllBase",
                "value": "0x7ffef5730000"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefe8b7c36",
            "parentcaller": "0x7ffefe88de37",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 145
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefc5e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "VERSION.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffef5730000"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefc5e3321",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffef5730000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "VERSION.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef085cec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffef5730000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoSizeW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffef57310b0"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef0896ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef127000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffeef08b2e8",
            "parentcaller": "0x7ffeef086cec",
            "category": "filesystem",
            "api": "GetFileVersionInfoSizeW",
            "status": true,
            "return": "0x0000081c",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ba3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef0896ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef127000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef085cec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffef5730000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffef57310d0"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef0896ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef127000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffeef08b314",
            "parentcaller": "0x7ffeef086cec",
            "category": "filesystem",
            "api": "GetFileVersionInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef0896ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef127000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef085cec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffef5730000"
              },
              {
                "name": "FunctionName",
                "value": "VerQueryValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffef5731050"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef0896ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef127000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-04-16 20:05:40,384",
            "thread_id": "812",
            "caller": "0x7ffeef0890c0",
            "parentcaller": "0x7ffeef089087",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e4"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-04-16 20:05:40,399",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000200"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-04-16 20:05:40,399",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeef089173",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000200"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-04-16 20:05:40,399",
            "thread_id": "812",
            "caller": "0x7ffeef082c9e",
            "parentcaller": "0x7ffeef091fe4",
            "category": "misc",
            "api": "HeapCreate",
            "status": true,
            "return": "0x02850000",
            "arguments": [
              {
                "name": "Options",
                "value": "262144"
              },
              {
                "name": "InitialSize",
                "value": "0x00000000"
              },
              {
                "name": "MaximumSize",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-04-16 20:05:40,743",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeef087b51",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\WinSxS\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_88e266cb2fac7c0d\\MSVCR80"
              },
              {
                "name": "DllBase",
                "value": "0x575f0000"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-04-16 20:05:40,743",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeef087b51",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks"
              },
              {
                "name": "DllBase",
                "value": "0x7ffeaa720000"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-04-16 20:05:41,009",
            "thread_id": "812",
            "caller": "0x575fe6b5",
            "parentcaller": "0x575f2e11",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 165
          },
          {
            "timestamp": "2026-04-16 20:05:43,337",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeef087b51",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaa720000"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-04-16 20:05:43,337",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeef087b51",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffeaa720000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-04-16 20:05:43,337",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef09217c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              },
              {
                "name": "FunctionName",
                "value": "SetLoadedByMscoree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-04-16 20:05:43,337",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef0896ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef127000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-04-16 20:05:43,337",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefc5e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "USER32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd9e0000"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-04-16 20:05:43,337",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefc5e3321",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefd9e0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "USER32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-04-16 20:05:43,337",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef085cec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessWindowStation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda14160"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-04-16 20:05:43,337",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef0896ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef127000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-04-16 20:05:43,337",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef0896ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef127000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-04-16 20:05:43,337",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef085cec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserObjectInformationW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda14250"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-04-16 20:05:43,337",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeef0896ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef127000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-04-16 20:05:43,337",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef08dfba",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              },
              {
                "name": "FunctionName",
                "value": "_CorExeMain"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeaa98a734"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-04-16 20:05:43,977",
            "thread_id": "812",
            "caller": "0x7ffeaa9b24d8",
            "parentcaller": "0x7ffeaa86ded8",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-04-16 20:05:43,977",
            "thread_id": "812",
            "caller": "0x7ffeaa98a763",
            "parentcaller": "0x7ffeef088c01",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x00b62458",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe\" "
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-04-16 20:05:44,368",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscorwks.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-04-16 20:05:44,368",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa8506e1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              },
              {
                "name": "FunctionName",
                "value": "GetCLRFunction"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeaa983ad8"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-04-16 20:05:45,321",
            "thread_id": "812",
            "caller": "0x7ffeaa89be81",
            "parentcaller": "0x7ffeaa958b51",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-04-16 20:05:45,321",
            "thread_id": "812",
            "caller": "0x7ffeaa89bf12",
            "parentcaller": "0x7ffeaa958b51",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000208"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-04-16 20:05:45,321",
            "thread_id": "812",
            "caller": "0x7ffeaa89bf4a",
            "parentcaller": "0x7ffeaa958b51",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              },
              {
                "name": "ValueName",
                "value": "DisableConfigCache"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\DisableConfigCache"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-04-16 20:05:45,321",
            "thread_id": "812",
            "caller": "0x7ffeaa89bf5b",
            "parentcaller": "0x7ffeaa958b51",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-04-16 20:05:45,321",
            "thread_id": "812",
            "caller": "0x7ffeaa958b9a",
            "parentcaller": "0x7ffeaaf19654",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-04-16 20:05:45,321",
            "thread_id": "812",
            "caller": "0x7ffeaa958b9a",
            "parentcaller": "0x7ffeaaf19654",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000208"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-04-16 20:05:45,321",
            "thread_id": "812",
            "caller": "0x7ffeaa958be3",
            "parentcaller": "0x7ffeaaf19654",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "Enable64Bit"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Enable64Bit"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-04-16 20:05:45,321",
            "thread_id": "812",
            "caller": "0x7ffeaa958be3",
            "parentcaller": "0x7ffeaaf19654",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-04-16 20:05:45,321",
            "thread_id": "812",
            "caller": "0x7ffeaa958be3",
            "parentcaller": "0x7ffeaaf19654",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "ValueName",
                "value": "UseRyuJIT"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\UseRyuJIT"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-04-16 20:05:45,321",
            "thread_id": "812",
            "caller": "0x7ffeaa958be3",
            "parentcaller": "0x7ffeaaf19654",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-04-16 20:05:45,681",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaa9c8e2d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "advapi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-04-16 20:05:45,681",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c8e4d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterTraceGuidsW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe892a50"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-04-16 20:05:45,681",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c8e68",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "UnregisterTraceGuids"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8a0380"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-04-16 20:05:45,681",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c8e83",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "GetTraceLoggerHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8d1340"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-04-16 20:05:45,681",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c8e9e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "GetTraceEnableLevel"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8d1380"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-04-16 20:05:45,681",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c8eb9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "GetTraceEnableFlags"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8d13c0"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-04-16 20:05:45,681",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c8ed4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "TraceEvent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe89fb90"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-04-16 20:05:46,196",
            "thread_id": "812",
            "caller": "0x7ffefc5e174f",
            "parentcaller": "0x7ffeaac92f83",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x7ffeaa91f082"
              },
              {
                "name": "EventName",
                "value": "Global\\CLR_PerfMon_StartEnumEvent"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-04-16 20:05:46,196",
            "thread_id": "812",
            "caller": "0x57679ff4",
            "parentcaller": "0x7ffeaaf1790e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-04-16 20:05:46,540",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa900b5a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef230000"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-04-16 20:05:46,540",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa900b5a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffeef230000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "mscoree.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-04-16 20:05:46,540",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa900b76",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef230000"
              },
              {
                "name": "FunctionName",
                "value": "IEE"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef238ea0"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-04-16 20:05:46,540",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef238f44",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "IEE_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-04-16 20:05:46,540",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef238f94",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "IEE"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef090e00"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-04-16 20:05:46,540",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef090e36",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              },
              {
                "name": "FunctionName",
                "value": "IEE"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeaaa151a4"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-04-16 20:05:46,774",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaa743000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-04-16 20:05:46,774",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaa743000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-04-16 20:05:46,931",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaa9f9eaa",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef230000"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-04-16 20:05:46,931",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9f9ec6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef230000"
              },
              {
                "name": "FunctionName",
                "value": "GetStartupFlags"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef2349e0"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-04-16 20:05:46,931",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef234a3b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "GetStartupFlags_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-04-16 20:05:46,931",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef234a8a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "GetStartupFlags"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef090ba0"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-04-16 20:05:46,931",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9f9f83",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef230000"
              },
              {
                "name": "FunctionName",
                "value": "GetHostConfigurationFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef237a30"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-04-16 20:05:46,931",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef237adb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "GetHostConfigurationFile_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-04-16 20:05:46,931",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef237b2d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "GetHostConfigurationFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef090c10"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-04-16 20:05:47,024",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef2359c4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "GetCORVersion_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-04-16 20:05:47,024",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef235a18",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "GetCORVersion"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef0909a0"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-04-16 20:05:47,024",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaac7780b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef230000"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-04-16 20:05:47,024",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaac77826",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef230000"
              },
              {
                "name": "FunctionName",
                "value": "GetCORSystemDirectory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef235830"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-04-16 20:05:47,024",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef2358a4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "GetCORSystemDirectory_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef090a40"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-04-16 20:05:47,024",
            "thread_id": "812",
            "caller": "0x7ffeef0885ef",
            "parentcaller": "0x7ffeef092a2e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\Policy\\AppPatch"
              },
              {
                "name": "Handle",
                "value": "0x000001fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\AppPatch"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-04-16 20:05:50,665",
            "thread_id": "812",
            "caller": "0x7ffefc5dd3ec",
            "parentcaller": "0x7ffeef092b58",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-04-16 20:05:50,665",
            "thread_id": "812",
            "caller": "0x7ffeef0885ef",
            "parentcaller": "0x7ffeef092a2e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000001fc"
              },
              {
                "name": "SubKey",
                "value": "v4.0.30319.00000"
              },
              {
                "name": "Handle",
                "value": "0x0000020c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\AppPatch\\v4.0.30319.00000"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-04-16 20:05:50,665",
            "thread_id": "812",
            "caller": "0x7ffeef0929d6",
            "parentcaller": "0x7ffeef0926d8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-04-16 20:05:50,665",
            "thread_id": "812",
            "caller": "0x7ffeef0885ef",
            "parentcaller": "0x7ffeef092a2e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000020c"
              },
              {
                "name": "SubKey",
                "value": "mscorwks.dll"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\AppPatch\\v4.0.30319.00000\\mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-04-16 20:05:50,665",
            "thread_id": "812",
            "caller": "0x7ffeef09277a",
            "parentcaller": "0x7ffeef090b0b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000020c"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-04-16 20:05:50,759",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef2373ac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "CreateConfigStream_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-04-16 20:05:50,759",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef2373fe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "CreateConfigStream"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef087390"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-04-16 20:05:50,759",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000000d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-04-16 20:05:51,821",
            "thread_id": "812",
            "caller": "0x7ffefc5daf23",
            "parentcaller": "0x7ffeef082468",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000000d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><!--\r\n    Please refer to machine.config.comments for a description and\r\n    the default values of each configuration section.\r\n\r\n    For a full documentation of the schema please refer to\r\n    http://go.microsoft.com/"
              },
              {
                "name": "Length",
                "value": "4095"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-04-16 20:05:52,118",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-04-16 20:05:52,165",
            "thread_id": "812",
            "caller": "0x7ffefc5daf23",
            "parentcaller": "0x7ffeef082468",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000000d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "7a5c561934e089\">\r\n            <section name=\"schemaImporterExtensions\" type=\"System.Xml.Serialization.Configuration.SchemaImporterExtensionsSection, System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n            <section name"
              },
              {
                "name": "Length",
                "value": "18712"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-04-16 20:05:52,165",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeef0824c7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-04-16 20:05:52,165",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-04-16 20:05:52,259",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa9a9c4e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe850000"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-04-16 20:05:52,259",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa9a9c4e",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefe850000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-04-16 20:05:52,259",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9ca00a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe850000"
              },
              {
                "name": "FunctionName",
                "value": "RtlVirtualUnwind"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe880de0"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-04-16 20:05:52,274",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaa9c98b2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-04-16 20:05:52,274",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c98c7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "IsWow64Process"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3ff670"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-04-16 20:05:52,321",
            "thread_id": "812",
            "caller": "0x7ffeaa863a3c",
            "parentcaller": "0x7ffeaaf17bba",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x000000d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-04-16 20:05:52,321",
            "thread_id": "812",
            "caller": "0x7ffeaa9dbcf5",
            "parentcaller": "0x7ffeaac567ba",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\client.bin.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\client.bin.exe"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-04-16 20:05:52,321",
            "thread_id": "812",
            "caller": "0x7ffefc5dc045",
            "parentcaller": "0x7ffeaa9b004f",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\fusion.localgac"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-04-16 20:05:52,321",
            "thread_id": "812",
            "caller": "0x7ffeaa9dbcf5",
            "parentcaller": "0x7ffeaac974ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x0000020c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-04-16 20:05:52,321",
            "thread_id": "812",
            "caller": "0x7ffeaac974dd",
            "parentcaller": "0x7ffeaabcfd4a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000020c"
              },
              {
                "name": "ValueName",
                "value": "CacheLocation"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-04-16 20:05:52,321",
            "thread_id": "812",
            "caller": "0x7ffeaac9751a",
            "parentcaller": "0x7ffeaabcfd4a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000020c"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-04-16 20:05:52,321",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaac6925e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-04-16 20:05:52,321",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaac69273",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemWindowsDirectoryW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3e9110"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaa9b8f75",
            "parentcaller": "0x7ffeaa863a97",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x0000020c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaa9b8fb5",
            "parentcaller": "0x7ffeaa863a97",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000020c"
              },
              {
                "name": "ValueName",
                "value": "DownloadCacheQuotaInKB"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaa9b8ff9",
            "parentcaller": "0x7ffeaa863a97",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaa9b905a",
            "parentcaller": "0x7ffeaa863a97",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000020c"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaa863856",
            "parentcaller": "0x7ffeaa863aab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              },
              {
                "name": "ValueName",
                "value": "EnableLog"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaa863856",
            "parentcaller": "0x7ffeaa863ac5",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              },
              {
                "name": "ValueName",
                "value": "LoggingLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaa863856",
            "parentcaller": "0x7ffeaa863adf",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              },
              {
                "name": "ValueName",
                "value": "ForceLog"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaa863856",
            "parentcaller": "0x7ffeaa863af9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              },
              {
                "name": "ValueName",
                "value": "LogFailures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaa863856",
            "parentcaller": "0x7ffeaa863b13",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              },
              {
                "name": "ValueName",
                "value": "VersioningLog"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\VersioningLog"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaa863856",
            "parentcaller": "0x7ffeaa863b2d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              },
              {
                "name": "ValueName",
                "value": "LogResourceBinds"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaa863856",
            "parentcaller": "0x7ffeaa863b62",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              },
              {
                "name": "ValueName",
                "value": "UseLegacyIdentityFormat"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaa863856",
            "parentcaller": "0x7ffeaa863b7c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              },
              {
                "name": "ValueName",
                "value": "DisableMSIPeek"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaa863856",
            "parentcaller": "0x7ffeaa863b96",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              },
              {
                "name": "ValueName",
                "value": "NoClientChecks"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NoClientChecks"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaa863bac",
            "parentcaller": "0x7ffeaaf17bba",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaa9dbcf5",
            "parentcaller": "0x7ffeaac9d6d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"
              },
              {
                "name": "Handle",
                "value": "0x000000d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaa863856",
            "parentcaller": "0x7ffeaac9d6f3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              },
              {
                "name": "ValueName",
                "value": "DevOverrideEnable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-04-16 20:05:52,337",
            "thread_id": "812",
            "caller": "0x7ffeaac9d8e9",
            "parentcaller": "0x7ffeaac569d9",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaaca4176",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "advapi32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaaca4194",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "AllocateAndInitializeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd7363d0"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5dc13e",
            "parentcaller": "0x7ffeaac92e3d",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000000d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaac92e64",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736b50"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5eb14b",
            "parentcaller": "0x7ffeaac92e7c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000000d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000020c"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaac92e93",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "GetTokenInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736060"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5dac8b",
            "parentcaller": "0x7ffeaac92eb9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5dac8b",
            "parentcaller": "0x7ffeaac92f03",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x05\\xba\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeaac92f1f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeaac92f2e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000020c"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaaca431f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeAcl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd737280"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaaca4394",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "AddAccessAllowedAce"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd7371f0"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaaca4407",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "FreeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd737210"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5e1e71",
            "parentcaller": "0x7ffefc5e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000020c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\Cor_Private_IPCBlock_4156"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc6147e6",
            "parentcaller": "0x7ffefc6146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000020c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00cc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007eef20"
              },
              {
                "name": "ViewSize",
                "value": "0x00003000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaaca4176",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "advapi32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaaca4194",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "AllocateAndInitializeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd7363d0"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5dc13e",
            "parentcaller": "0x7ffeaac92e3d",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000000d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaac92e64",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736b50"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5eb14b",
            "parentcaller": "0x7ffeaac92e7c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000000d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaac92e93",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "GetTokenInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736060"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5dac8b",
            "parentcaller": "0x7ffeaac92eb9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5dac8b",
            "parentcaller": "0x7ffeaac92f03",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x04\\xba\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeaac92f1f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeaac92f2e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaaca431f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeAcl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd737280"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaaca4394",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "AddAccessAllowedAce"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd7371f0"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaaca4407",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "FreeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd737210"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc5e1e71",
            "parentcaller": "0x7ffefc5e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\Cor_Public_IPCBlock_4156"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffefc6147e6",
            "parentcaller": "0x7ffefc6146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000001fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00cd0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007eef80"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-04-16 20:05:52,571",
            "thread_id": "812",
            "caller": "0x7ffeaa86241f",
            "parentcaller": "0x7ffeaa8625e7",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 295
          },
          {
            "timestamp": "2026-04-16 20:05:52,602",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00020000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-04-16 20:05:52,602",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00020000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-04-16 20:05:52,649",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1a000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-04-16 20:05:52,649",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1a000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-04-16 20:05:52,649",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1a000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-04-16 20:05:52,665",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1a000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-04-16 20:05:52,665",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaa9c7cf1",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-04-16 20:05:52,665",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c7ca9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "SetThreadStackGuarantee"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fe390"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-04-16 20:05:52,696",
            "thread_id": "812",
            "caller": "0x7ffeaacb620d",
            "parentcaller": "0x7ffeaa985440",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "16384"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-04-16 20:05:52,712",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-04-16 20:05:52,712",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-04-16 20:05:52,727",
            "thread_id": "812",
            "caller": "0x7ffeaabc0e65",
            "parentcaller": "0x7ffeaabc1c70",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\NGen\\Policy\\v2.0"
              },
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\NGen\\Policy\\v2.0"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-04-16 20:05:52,727",
            "thread_id": "812",
            "caller": "0x7ffeaabc0ec0",
            "parentcaller": "0x7ffeaabc1c70",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              },
              {
                "name": "ValueName",
                "value": "OptimizeUsedBinaries"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\NGen\\Policy\\v2.0\\OptimizeUsedBinaries"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-04-16 20:05:52,727",
            "thread_id": "812",
            "caller": "0x7ffeaac737c1",
            "parentcaller": "0x7ffeaabc0f2b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000021c"
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-04-16 20:05:52,743",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x007ef3e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\CLR_v2.0\\UsageLogs\\client.bin.exe.log"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-04-16 20:05:52,743",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-04-16 20:05:52,743",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-04-16 20:05:52,743",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa954f2c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "FlsSetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fc2d0"
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-04-16 20:05:52,743",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa954f43",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "FlsGetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3f84e0"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-04-16 20:05:52,743",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa954f5a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "FlsAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe4001d0"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-04-16 20:05:52,743",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa954f71",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "FlsFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe400b10"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-04-16 20:05:52,759",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 4,
            "id": 317
          },
          {
            "timestamp": "2026-04-16 20:05:52,759",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b040000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-04-16 20:05:52,790",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 319
          },
          {
            "timestamp": "2026-04-16 20:05:52,790",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b050000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-04-16 20:05:52,899",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00021000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-04-16 20:05:52,899",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 4,
            "id": 322
          },
          {
            "timestamp": "2026-04-16 20:05:52,899",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b060000"
              },
              {
                "name": "RegionSize",
                "value": "0x000a0000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-04-16 20:05:52,899",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-04-16 20:05:52,899",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 4,
            "id": 325
          },
          {
            "timestamp": "2026-04-16 20:05:52,899",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00070000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "812",
            "caller": "0x7ffefc61299b",
            "parentcaller": "0x7ffeaac653dd",
            "category": "synchronization",
            "api": "NtCreateEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              },
              {
                "name": "EventName",
                "value": "Global\\CorDBIPCSetupSyncEvent_4156"
              },
              {
                "name": "EventType",
                "value": "0"
              },
              {
                "name": "InitialState",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "812",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000244"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffeaa999898"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4600"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "812",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000244",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffeaa999898"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "4600"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "812",
            "caller": "0x7ffefc627bc0",
            "parentcaller": "0x7ffeaa84e53c",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000244"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "4600"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "812",
            "caller": "0x7ffefc5e2378",
            "parentcaller": "0x7ffeaa9b8714",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "812",
            "caller": "0x7ffefc5e4ced",
            "parentcaller": "0x7ffeaa9b8806",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "4600",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef0871aa",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefc5b0000"
              },
              {
                "name": "FunctionName",
                "value": "FlsGetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefc5f9900"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "4600",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bb9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "4600",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "4600",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "4600",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeaa999898"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "812",
            "caller": "0x7ffeaa9c8522",
            "parentcaller": "0x7ffeaa9c83ab",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "812",
            "caller": "0x7ffeaa9c8177",
            "parentcaller": "0x7ffeaa9c8135",
            "category": "hooking",
            "api": "RtlAddVectoredExceptionHandler",
            "status": true,
            "return": "0x00ba6e10",
            "arguments": [
              {
                "name": "First",
                "value": "1"
              },
              {
                "name": "Handler",
                "value": "0x7ffeaa974158"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "4600",
            "caller": "0x7ffeaacb620d",
            "parentcaller": "0x7ffeaa87894f",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "16384"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "812",
            "caller": "0x7ffefe86688c",
            "parentcaller": "0x7ffefc5e2dca",
            "category": "system",
            "api": "LdrGetDllHandleEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DllName",
                "value": "kernel32.dll"
              },
              {
                "name": "DllHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "4600",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaa878a03",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04ed1000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f7000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c81ac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "AddVectoredContinueHandler"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe9299a0"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c81c3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "RemoveVectoredContinueHandler"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe9299c0"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "812",
            "caller": "0x7ffefe86354a",
            "parentcaller": "0x7ffefe862252",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe9d1000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "812",
            "caller": "0x7ffefe86354a",
            "parentcaller": "0x7ffefe862296",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe9d1000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-04-16 20:05:52,946",
            "thread_id": "812",
            "caller": "0x7ffeaaa145db",
            "parentcaller": "0x7ffeaaf182a7",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x7ffeab077000"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-04-16 20:05:52,977",
            "thread_id": "812",
            "caller": "0x7ffefc60028c",
            "parentcaller": "0x7ffeaacf377b",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000250"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-04-16 20:05:53,009",
            "thread_id": "812",
            "caller": "0x7ffeaacb620d",
            "parentcaller": "0x7ffeaa87894f",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "16384"
              },
              {
                "name": "OutputSize",
                "value": "16384"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-04-16 20:05:53,009",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaa878a03",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x006f1000"
              },
              {
                "name": "RegionSize",
                "value": "0x000ea000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-04-16 20:05:53,009",
            "thread_id": "812",
            "caller": "0x7ffefc5e174f",
            "parentcaller": "0x7ffeaac92f83",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x7ffeaa726508"
              },
              {
                "name": "EventName",
                "value": "Global\\CLR_PerfMon_StartEnumEvent"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-04-16 20:05:53,009",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1c000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1d000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1d000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1d000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1d000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1d000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1d000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1d000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1d000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1d000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1d000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeaaa1a000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-04-16 20:05:53,056",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bbd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffeaa9b7528",
            "parentcaller": "0x7ffeaa98c766",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets"
              },
              {
                "name": "Handle",
                "value": "0x00000264"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffeaa9b75a3",
            "parentcaller": "0x7ffeaa98c766",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000264"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffeaa9b7607",
            "parentcaller": "0x7ffeaa98c766",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "Internet"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\Internet"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffeaa9b7662",
            "parentcaller": "0x7ffeaa98c766",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000264"
              },
              {
                "name": "SubKey",
                "value": "Internet"
              },
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\Internet"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffeaa9b76aa",
            "parentcaller": "0x7ffeaa98c766",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "MediaPermission"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\Internet\\MediaPermission"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffeaa9b7711",
            "parentcaller": "0x7ffeaa98c766",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "WebBrowserPermission"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\Internet\\WebBrowserPermission"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffeaa9b7711",
            "parentcaller": "0x7ffeaa98c766",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\Internet\\"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffeaa9b785a",
            "parentcaller": "0x7ffeaa9b7722",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffeaa9b7760",
            "parentcaller": "0x7ffeaa98c766",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "LocalIntranet"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\LocalIntranet"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffeaa9b7662",
            "parentcaller": "0x7ffeaa98c766",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000264"
              },
              {
                "name": "SubKey",
                "value": "LocalIntranet"
              },
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\LocalIntranet"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffeaa9b76aa",
            "parentcaller": "0x7ffeaa98c766",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "MediaPermission"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\LocalIntranet\\MediaPermission"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffeaa9b7711",
            "parentcaller": "0x7ffeaa98c766",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "WebBrowserPermission"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\LocalIntranet\\WebBrowserPermission"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffeaa9b7711",
            "parentcaller": "0x7ffeaa98c766",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\LocalIntranet\\"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffeaa9b785a",
            "parentcaller": "0x7ffeaa9b7722",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffeaa9b7760",
            "parentcaller": "0x7ffeaa98c766",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffeaa9b785a",
            "parentcaller": "0x7ffeaa9b7797",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bbf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-04-16 20:05:53,102",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-04-16 20:05:53,118",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-04-16 20:05:53,118",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-04-16 20:05:53,118",
            "thread_id": "812",
            "caller": "0x7ffefc5eb14b",
            "parentcaller": "0x7ffeaa9b0a7d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-04-16 20:05:53,118",
            "thread_id": "812",
            "caller": "0x7ffefc5dac8b",
            "parentcaller": "0x7ffeaa9b0828",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-04-16 20:05:53,118",
            "thread_id": "812",
            "caller": "0x7ffefc5dac8b",
            "parentcaller": "0x7ffeaa9b0882",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\x10\\xba\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-04-16 20:05:53,118",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa9a9c4e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "advapi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd720000"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-04-16 20:05:53,118",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa9a9c4e",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefd720000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "advapi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-04-16 20:05:53,118",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9b08c0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "ConvertSidToStringSidW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd735900"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-04-16 20:05:53,118",
            "thread_id": "812",
            "caller": "0x7ffeaa9b0b84",
            "parentcaller": "0x7ffeaa9b0ec4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-04-16 20:05:53,118",
            "thread_id": "812",
            "caller": "0x7ffeaa9b0b9f",
            "parentcaller": "0x7ffeaa9b0ec4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-04-16 20:05:53,118",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeaa9b0bd0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-04-16 20:05:53,118",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa9a9c4e",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shell32"
              },
              {
                "name": "DllBase",
                "value": "0x7ffefdbe0000"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-04-16 20:05:53,118",
            "thread_id": "812",
            "caller": "0x7ffefe8b7c36",
            "parentcaller": "0x7ffefe88de37",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 422
          },
          {
            "timestamp": "2026-04-16 20:05:53,306",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa9a9c4e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefdbe0000"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-04-16 20:05:53,306",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa9a9c4e",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefdbe0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-04-16 20:05:53,306",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9a18fd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "shell32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefdbe0000"
              },
              {
                "name": "FunctionName",
                "value": "SHGetFolderPathW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefdc20180"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-04-16 20:05:53,306",
            "thread_id": "812",
            "caller": "0x7ffeaa9a18b7",
            "parentcaller": "0x7ffeaa9b0ef0",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\Wldp"
              },
              {
                "name": "DllBase",
                "value": "0x7ffefb900000"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-04-16 20:05:53,306",
            "thread_id": "812",
            "caller": "0x7ffeaa9a18b7",
            "parentcaller": "0x7ffeaa9b0ef0",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\windows.storage"
              },
              {
                "name": "DllBase",
                "value": "0x7ffefa080000"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-04-16 20:05:53,399",
            "thread_id": "812",
            "caller": "0x7ffefc5c5dae",
            "parentcaller": "0x7ffefb90113d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\SHCORE"
              },
              {
                "name": "DllBase",
                "value": "0x7ffefe330000"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-04-16 20:05:53,399",
            "thread_id": "812",
            "caller": "0x7ffefe8b7c36",
            "parentcaller": "0x7ffefe88de37",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-04-16 20:05:53,446",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefc5f06f8",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-04-16 20:05:53,446",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefc5f06f8",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\profapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ffefbeb0000"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-04-16 20:05:53,462",
            "thread_id": "812",
            "caller": "0x7ffefa1a6d7b",
            "parentcaller": "0x7ffefa1a6594",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 432
          },
          {
            "timestamp": "2026-04-16 20:05:53,462",
            "thread_id": "812",
            "caller": "0x7ffefa1a6d7b",
            "parentcaller": "0x7ffefa1a6594",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x0000801a",
                "pretty_value": "CSIDL_FLAG_CREATE|CSIDL_APPDATA"
              },
              {
                "name": "Path",
                "value": "C:\\Users\\cape\\AppData\\Roaming"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-04-16 20:05:53,462",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-04-16 20:05:53,462",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-04-16 20:05:53,540",
            "thread_id": "812",
            "caller": "0x7ffeaa9ca79b",
            "parentcaller": "0x7ffeaa84ef33",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\v2.0.50727\\Security\\Policy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\v2.0.50727\\Security\\Policy"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-04-16 20:05:53,540",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-04-16 20:05:53,540",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaaa14ede",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "FlushProcessWriteBuffers"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8eed20"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-04-16 20:05:53,556",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaa9c18a4",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "Kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-04-16 20:05:53,556",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c18bc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWriteWatch"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3f5bd0"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-04-16 20:05:53,556",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c18cf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "ResetWriteWatch"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3f7b40"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-04-16 20:05:53,556",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00cf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-04-16 20:05:53,556",
            "thread_id": "812",
            "caller": "0x7ffefc6133f2",
            "parentcaller": "0x7ffeaacd2660",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00cf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-04-16 20:05:53,556",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaa9e7c14",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "Kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-04-16 20:05:53,556",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9e7c2c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateMemoryResourceNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe4008e0"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-04-16 20:05:53,556",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9e7c3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "QueryMemoryResourceNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe41adb0"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-04-16 20:05:53,556",
            "thread_id": "812",
            "caller": "0x7ffefc62bde0",
            "parentcaller": "0x7ffeaa9e7c54",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "EventName",
                "value": "\\KernelObjects\\LowMemoryCondition"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-04-16 20:05:53,556",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05310000"
              },
              {
                "name": "RegionSize",
                "value": "0x18000000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-04-16 20:05:53,556",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1d310000"
              },
              {
                "name": "RegionSize",
                "value": "0x006d0000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-04-16 20:05:53,571",
            "thread_id": "812",
            "caller": "0x7ffefe8ec82e",
            "parentcaller": "0x7ffefe87eeee",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1d9e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00103000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-04-16 20:05:53,571",
            "thread_id": "812",
            "caller": "0x7ffefe859b1a",
            "parentcaller": "0x7ffefe8ec84b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1d9e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-04-16 20:05:53,571",
            "thread_id": "812",
            "caller": "0x7ffefe859b1a",
            "parentcaller": "0x7ffefe8ec87b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dae2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-04-16 20:05:53,571",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaa84be94",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-04-16 20:05:53,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c7332",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GlobalMemoryStatusEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe400530"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-04-16 20:05:53,571",
            "thread_id": "812",
            "caller": "0x7ffeaa9c7349",
            "parentcaller": "0x7ffeaacb7a79",
            "category": "misc",
            "api": "GlobalMemoryStatusEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MemoryLoad",
                "value": "23"
              },
              {
                "name": "TotalPhysicalMB",
                "value": "8191"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-04-16 20:05:53,571",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05310000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-04-16 20:05:53,602",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x15310000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-04-16 20:05:53,602",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bc8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-04-16 20:05:53,602",
            "thread_id": "812",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000031c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00bb73e0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "1216"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-04-16 20:05:53,602",
            "thread_id": "812",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x0000031c",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00bb73e0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "1216"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-04-16 20:05:53,602",
            "thread_id": "812",
            "caller": "0x7ffefc627bc0",
            "parentcaller": "0x7ffeaaca89a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000031c"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "1216"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-04-16 20:05:53,618",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bc9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-04-16 20:05:53,618",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-04-16 20:05:53,618",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-04-16 20:05:53,618",
            "thread_id": "812",
            "caller": "0x7ffeaa97be1e",
            "parentcaller": "0x7ffeaa96adea",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64"
              },
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-04-16 20:05:53,618",
            "thread_id": "812",
            "caller": "0x7ffeaa9b5aed",
            "parentcaller": "0x7ffeaa96ae24",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "ValueName",
                "value": "LatestIndex"
              },
              {
                "name": "Data",
                "value": "12"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\LatestIndex"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-04-16 20:05:53,618",
            "thread_id": "812",
            "caller": "0x7ffeaa97be1e",
            "parentcaller": "0x7ffeaa97bf49",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64"
              },
              {
                "name": "Handle",
                "value": "0x00000328"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-04-16 20:05:53,618",
            "thread_id": "812",
            "caller": "0x7ffeaa9b5aed",
            "parentcaller": "0x7ffeaa97bf91",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000328"
              },
              {
                "name": "ValueName",
                "value": "LatestIndex"
              },
              {
                "name": "Data",
                "value": "12"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\LatestIndex"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\indexc.dat"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa97c068",
            "parentcaller": "0x7ffeaa84d880",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "indexc"
              },
              {
                "name": "Handle",
                "value": "0x00000334"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\indexc"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa97c099",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000334"
              },
              {
                "name": "ValueName",
                "value": "NIUsageMask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xe1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\indexc\\NIUsageMask"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa97c0cf",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000334"
              },
              {
                "name": "ValueName",
                "value": "ILUsageMask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xf1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\indexc\\ILUsageMask"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa97c0ef",
            "parentcaller": "0x7ffeaa84d880",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000334"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa8522a8",
            "parentcaller": "0x7ffeaa9a609f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa95a730",
            "parentcaller": "0x7ffeaa95a49c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\181938c6\\7950e2c5"
              },
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa95a76c",
            "parentcaller": "0x7ffeaa95a49c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "1"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa95a7e1",
            "parentcaller": "0x7ffeaa95a49c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa95a7f5",
            "parentcaller": "0x7ffeaa95a49c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa8970de",
            "parentcaller": "0x7ffeaa936bcd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\181938c6\\7950e2c5\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897146",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "mscorlib,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa8971a4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "ValueName",
                "value": "ConfigMask"
              },
              {
                "name": "Data",
                "value": "4361"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\ConfigMask"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89720a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "ValueName",
                "value": "ConfigString"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\ConfigString"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897273",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "ValueName",
                "value": "MVID"
              },
              {
                "name": "Data",
                "value": "\\xc3\\x8er,\\xd7\\xd5\\xb0\\xe8\\x93&\\xeeM\\xd7\\xec\\xcc\\x9f"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\MVID"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa897578",
            "parentcaller": "0x7ffeaa936bcd",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa8970de",
            "parentcaller": "0x7ffeaa936bcd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\181938c6\\7950e2c5\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897318",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "ValueName",
                "value": "EvalationData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\EvalationData"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89734b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\Status"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897393",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "ValueName",
                "value": "ILDependencies"
              },
              {
                "name": "Data",
                "value": "\\xc5\\xe2Py\\x11\\x96\\x15@\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\ILDependencies"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89746f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "ValueName",
                "value": "NIDependencies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\NIDependencies"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897550",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              },
              {
                "name": "ValueName",
                "value": "MissingDependencies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\MissingDependencies"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa897578",
            "parentcaller": "0x7ffeaa936bcd",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa897812",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "IL\\7950e2c5\\40159611\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89786b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "mscorlib,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa8978bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "16390"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\Status"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897944",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "Data",
                "value": "sortkey.nlp|sorttbls.nlp|big5.nlp|bopomofo.nlp|ksc.nlp|prc.nlp|prcp.nlp|xjis.nlp|normidna.nlp|normnfc.nlp|normnfd.nlp|normnfkc.nlp|normnfkd.nlp"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\Modules"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897988",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": ")\\xe4\\x94\\xdcy\\xcd\\x12A\\xb2\t/]\\xdaW\\x95`\\xfe\\x18KOEToK~\\xf9R\\xf3\\xdb+.\\x1d\\xd3nQc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\SIG"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897a0e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "3\\xf5\\xd6\\xf6\\x06\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa897a49",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa9af4e2",
            "parentcaller": "0x7ffeaa97b86e",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion\\GACChangeNotification\\Default"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\GACChangeNotification\\Default"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffeaa97b7a0",
            "parentcaller": "0x7ffeaa97b8b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "mscorlib,2.0.0.0,,b77a5c561934e089,AMD64"
              },
              {
                "name": "Data",
                "value": "3\\xf5\\xd6\\xf6\\x06\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\mscorlib,2.0.0.0,,b77a5c561934e089,AMD64"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bcc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-04-16 20:05:53,634",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 502
          },
          {
            "timestamp": "2026-04-16 20:05:53,649",
            "thread_id": "1216",
            "caller": "0x7ffefe8aeaa2",
            "parentcaller": "0x7ffefe8677c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 503
          },
          {
            "timestamp": "2026-04-16 20:05:53,727",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa96e299",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\c38e722cd7d5b0e89326ee4dd7eccc9f\\mscorlib.ni"
              },
              {
                "name": "DllBase",
                "value": "0x7ffea9620000"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-04-16 20:05:53,743",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa96e299",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\c38e722cd7d5b0e89326ee4dd7eccc9f\\mscorlib.ni.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffea9620000"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-04-16 20:05:53,743",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa96e299",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffea9620000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\c38e722cd7d5b0e89326ee4dd7eccc9f\\mscorlib.ni.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-04-16 20:05:53,743",
            "thread_id": "1216",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bce000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-04-16 20:05:53,743",
            "thread_id": "1216",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-04-16 20:05:53,743",
            "thread_id": "1216",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-04-16 20:05:53,743",
            "thread_id": "1216",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00bb73e0"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-04-16 20:05:53,743",
            "thread_id": "1216",
            "caller": "0x7ffeaacb620d",
            "parentcaller": "0x7ffeaa87894f",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "16384"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-04-16 20:05:53,743",
            "thread_id": "1216",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaa878a03",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1daf1000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f6000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-04-16 20:05:53,743",
            "thread_id": "1216",
            "caller": "0x7ffefc5d1ace",
            "parentcaller": "0x7ffeaa8a9840",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-04-16 20:05:53,868",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 514
          },
          {
            "timestamp": "2026-04-16 20:05:53,884",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaa95dc8e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "MSCORWKS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-04-16 20:05:53,884",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaa95dc8e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscorjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-04-16 20:05:53,884",
            "thread_id": "812",
            "caller": "0x7ffefc5e147c",
            "parentcaller": "0x7ffeaa95e37e",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.INI"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-04-16 20:05:53,884",
            "thread_id": "812",
            "caller": "0x7ffefc626bdf",
            "parentcaller": "0x7ffeaa9c9410",
            "category": "synchronization",
            "api": "NtOpenMutant",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x7ffeaaf1971a"
              },
              {
                "name": "MutexName",
                "value": "Global\\CLR_CASOFF_MUTEX"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-04-16 20:05:53,899",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-04-16 20:05:53,899",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-04-16 20:05:53,946",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b052000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-04-16 20:05:53,962",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x15312000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5d1ace",
            "parentcaller": "0x7ffeaa85a7d2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5d1ace",
            "parentcaller": "0x7ffeaa85a7d2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              },
              {
                "name": "Milliseconds",
                "value": "3000"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5e4ced",
            "parentcaller": "0x7ffeaa98e027",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5dc045",
            "parentcaller": "0x7ffefe3e693f",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5e147c",
            "parentcaller": "0x7ffefe3e6a9c",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00b85200",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5c777d",
            "parentcaller": "0x7ffefe3e6ab9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000334"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5e147c",
            "parentcaller": "0x7ffefe3e6a9c",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00b85200",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb450bd8e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5c777d",
            "parentcaller": "0x7ffefe3e6ab9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000334"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5e147c",
            "parentcaller": "0x7ffefe3e6a9c",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00b85200",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45caeb0"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5c777d",
            "parentcaller": "0x7ffefe3e6ab9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000334"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5e147c",
            "parentcaller": "0x7ffefe3e6a9c",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00b85200",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45f137b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5c777d",
            "parentcaller": "0x7ffefe3e6ab9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000334"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5e147c",
            "parentcaller": "0x7ffefe3e6a9c",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00b85200",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45f137b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5c777d",
            "parentcaller": "0x7ffefe3e6ab9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000334"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5dc045",
            "parentcaller": "0x7ffefe3e646f",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5e147c",
            "parentcaller": "0x7ffefe3e65ec",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00b85200",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x581c20f8"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcacc6"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5c777d",
            "parentcaller": "0x7ffefe3e6609",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000334"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 542
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa96e299",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa96e299",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefc5e3321",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd110000"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefc5e3321",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefd110000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaacedd37",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd110000"
              },
              {
                "name": "FunctionName",
                "value": "CoInitializeEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefccde0a0"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefc6124c6",
            "parentcaller": "0x7ffefcd5f190",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeab0726d4"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefcd5eb84",
            "parentcaller": "0x7ffefcd5eb06",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefe897870",
            "parentcaller": "0x7ffefe8820f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefcfe1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-04-16 20:05:53,977",
            "thread_id": "812",
            "caller": "0x7ffefe8978c1",
            "parentcaller": "0x7ffefe8820f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefcfe1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-04-16 20:05:54,009",
            "thread_id": "812",
            "caller": "0x7ffefe90e5a7",
            "parentcaller": "0x7ffefe86faf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-04-16 20:05:54,009",
            "thread_id": "812",
            "caller": "0x7ffefe865157",
            "parentcaller": "0x7ffefe8643ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000033c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-04-16 20:05:54,009",
            "thread_id": "812",
            "caller": "0x7ffefe864d42",
            "parentcaller": "0x7ffefe864aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000033c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefc380000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00082000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-04-16 20:05:54,009",
            "thread_id": "812",
            "caller": "0x7ffefe865082",
            "parentcaller": "0x7ffefe8679d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefc3e7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-04-16 20:05:54,009",
            "thread_id": "812",
            "caller": "0x7ffefe864485",
            "parentcaller": "0x7ffefe8bb22d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefe897bec",
            "parentcaller": "0x7ffefe88288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefc3e7000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefe897bec",
            "parentcaller": "0x7ffefe88288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x7ffefc380000"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefc3b9032",
            "parentcaller": "0x7ffefc3985a4",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefc3b9065",
            "parentcaller": "0x7ffefc3985a4",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefc3b9099",
            "parentcaller": "0x7ffefc3985a4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefc398a04",
            "parentcaller": "0x7ffefc398885",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefc398a42",
            "parentcaller": "0x7ffefc398885",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefc398b03",
            "parentcaller": "0x7ffefc398885",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefc398b43",
            "parentcaller": "0x7ffefc398885",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000034c"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefc398be5",
            "parentcaller": "0x7ffefc398885",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000348"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefc398c3b",
            "parentcaller": "0x7ffefc398885",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefc398c51",
            "parentcaller": "0x7ffefc398885",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefc3988f1",
            "parentcaller": "0x7ffefc3985fd",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefc39f1bc",
            "parentcaller": "0x7ffefc39f0ce",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000034c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefe3f5611",
            "parentcaller": "0x7ffefc39f10d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000034c"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xf2\\xddv\\xa7jY\\xff\\xeb3aJ]\\xe8\\x15=\\x84\\xef6\\x9a\"5\\x1e\\xf8<;\\x8d\\x0eJ\\xfa\\x07Q\\xd0\\xea\\xc1\\x8c#F*,\\xee\\x8d\\xdb\\xbc3\\xd2-\\x1c\\xb1"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefe3f5611",
            "parentcaller": "0x7ffefc39f10d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefc380000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffefc3b8b60"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefe897870",
            "parentcaller": "0x7ffefe8820f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe6ad000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefe8978c1",
            "parentcaller": "0x7ffefe8820f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe6ad000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bd4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefe897870",
            "parentcaller": "0x7ffefe8820f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefcfe1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-04-16 20:05:54,024",
            "thread_id": "812",
            "caller": "0x7ffefe8978c1",
            "parentcaller": "0x7ffefe8820f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefcfe1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-04-16 20:05:54,040",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefda02a87",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x7ffef9980000"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-04-16 20:05:54,056",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefda02a87",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffef9980000"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-04-16 20:05:54,056",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffefda02a87",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffef9980000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\uxtheme.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-04-16 20:05:54,056",
            "thread_id": "812",
            "caller": "0x7ffefc5f0821",
            "parentcaller": "0x7ffefda02aeb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffef9980000"
              },
              {
                "name": "FunctionName",
                "value": "ThemeInitApiHook"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffef9987ce0"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-04-16 20:05:54,056",
            "thread_id": "812",
            "caller": "0x7ffef9987d20",
            "parentcaller": "0x7ffefda02cbc",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-04-16 20:05:54,071",
            "thread_id": "812",
            "caller": "0x7ffefe886c8b",
            "parentcaller": "0x7ffefe8667b5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xe1~\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-04-16 20:05:54,071",
            "thread_id": "812",
            "caller": "0x7ffefe8667ec",
            "parentcaller": "0x7ffefc631590",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000354"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-04-16 20:05:54,071",
            "thread_id": "812",
            "caller": "0x7ffefc5dfd74",
            "parentcaller": "0x7ffefc5df9a0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000354"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-04-16 20:05:54,071",
            "thread_id": "812",
            "caller": "0x7ffefc5df9c4",
            "parentcaller": "0x7ffefc5debc1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000354"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-04-16 20:05:54,071",
            "thread_id": "812",
            "caller": "0x7ffefc5de614",
            "parentcaller": "0x7ffef99bdb79",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "AppsUseLightTheme"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-04-16 20:05:54,071",
            "thread_id": "812",
            "caller": "0x7ffefc5de648",
            "parentcaller": "0x7ffef99bdb79",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-04-16 20:05:54,071",
            "thread_id": "812",
            "caller": "0x7ffef998886c",
            "parentcaller": "0x7ffef99880d1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-04-16 20:05:54,071",
            "thread_id": "1216",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa9a9c4e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd110000"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-04-16 20:05:54,071",
            "thread_id": "1216",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa9a9c4e",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefd110000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-04-16 20:05:54,071",
            "thread_id": "1216",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9a2056",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd110000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetContextToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefcd51880"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-04-16 20:05:54,071",
            "thread_id": "1216",
            "caller": "0x7ffefc5d1ace",
            "parentcaller": "0x7ffeaa8a9840",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-04-16 20:05:54,071",
            "thread_id": "1216",
            "caller": "0x7ffefc5d1ace",
            "parentcaller": "0x7ffeaa8a9840",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "Milliseconds",
                "value": "2000"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-04-16 20:05:54,118",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff40def0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00090000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-04-16 20:05:54,134",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff40def0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 1,
            "id": 596
          },
          {
            "timestamp": "2026-04-16 20:05:54,259",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff40dee0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-04-16 20:05:54,259",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff40dee0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-04-16 20:05:54,259",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b10a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-04-16 20:05:54,259",
            "thread_id": "812",
            "caller": "0x7ffefe8b8466",
            "parentcaller": "0x7ffeaa9aad13",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-04-16 20:05:54,259",
            "thread_id": "812",
            "caller": "0x7ffefe86354a",
            "parentcaller": "0x7ffefe862252",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe9d1000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-04-16 20:05:54,259",
            "thread_id": "812",
            "caller": "0x7ffefe86354a",
            "parentcaller": "0x7ffefe862296",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe9d1000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-04-16 20:05:54,306",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b042000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-04-16 20:05:54,306",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-04-16 20:05:54,306",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bdd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-04-16 20:05:54,368",
            "thread_id": "812",
            "caller": "0x7ffeef0885ef",
            "parentcaller": "0x7ffeef092a2e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\Policy\\AppPatch"
              },
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\AppPatch"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-04-16 20:05:54,368",
            "thread_id": "812",
            "caller": "0x7ffefc5dd3ec",
            "parentcaller": "0x7ffeef092b58",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-04-16 20:05:54,368",
            "thread_id": "812",
            "caller": "0x7ffeef0885ef",
            "parentcaller": "0x7ffeef092a2e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000364"
              },
              {
                "name": "SubKey",
                "value": "v4.0.30319.00000"
              },
              {
                "name": "Handle",
                "value": "0x00000368"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\AppPatch\\v4.0.30319.00000"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-04-16 20:05:54,368",
            "thread_id": "812",
            "caller": "0x7ffeef0929d6",
            "parentcaller": "0x7ffeef0926d8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-04-16 20:05:54,368",
            "thread_id": "812",
            "caller": "0x7ffeef0885ef",
            "parentcaller": "0x7ffeef092a2e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "mscorwks.dll"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\AppPatch\\v4.0.30319.00000\\mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-04-16 20:05:54,368",
            "thread_id": "812",
            "caller": "0x7ffeef09277a",
            "parentcaller": "0x7ffeef090b0b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-04-16 20:05:54,399",
            "thread_id": "812",
            "caller": "0x7ffefa1a6d7b",
            "parentcaller": "0x7ffefa1a6594",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-04-16 20:05:54,399",
            "thread_id": "812",
            "caller": "0x7ffefa1a6d7b",
            "parentcaller": "0x7ffefa1a6594",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x00000020",
                "pretty_value": "CSIDL_INTERNET_CACHE"
              },
              {
                "name": "Path",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Windows\\INetCache"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-04-16 20:05:54,399",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 614
          },
          {
            "timestamp": "2026-04-16 20:05:54,399",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bdf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-04-16 20:05:54,399",
            "thread_id": "812",
            "caller": "0x7ffefc5dc045",
            "parentcaller": "0x7ffeaa9b004f",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.config"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-04-16 20:05:54,399",
            "thread_id": "812",
            "caller": "0x7ffefc5dd3ec",
            "parentcaller": "0x7ffeaa857295",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-04-16 20:05:54,399",
            "thread_id": "812",
            "caller": "0x7ffeaa97be1e",
            "parentcaller": "0x7ffeaa96adea",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64"
              },
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-04-16 20:05:54,399",
            "thread_id": "812",
            "caller": "0x7ffeaa9b5aed",
            "parentcaller": "0x7ffeaa96ae24",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "LatestIndex"
              },
              {
                "name": "Data",
                "value": "12"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\LatestIndex"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-04-16 20:05:54,399",
            "thread_id": "812",
            "caller": "0x7ffeaa8522a8",
            "parentcaller": "0x7ffeaa9a609f",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-04-16 20:05:54,399",
            "thread_id": "812",
            "caller": "0x7ffeaa95a730",
            "parentcaller": "0x7ffeaa95a49c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\5aa75839\\10fdf3"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\5aa75839\\10fdf3"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-04-16 20:05:54,399",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 622
          },
          {
            "timestamp": "2026-04-16 20:05:54,399",
            "thread_id": "812",
            "caller": "0x7ffefc5e147c",
            "parentcaller": "0x7ffeaa95e37e",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.INI"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-04-16 20:05:54,399",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b050000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-04-16 20:05:54,415",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b053000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-04-16 20:05:54,415",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b180000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-04-16 20:05:54,415",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b180000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-04-16 20:05:54,415",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b183000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-04-16 20:05:54,415",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b185000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-04-16 20:05:54,415",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05312000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-04-16 20:05:54,415",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa96e299",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-04-16 20:05:54,415",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa96e299",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefe3e0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-04-16 20:05:54,415",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa89c6fc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFullPathName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-04-16 20:05:54,415",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa89c879",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFullPathNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404df0"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-04-16 20:05:54,431",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b11a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-04-16 20:05:54,540",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b142000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-04-16 20:05:54,540",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b11d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-04-16 20:05:54,540",
            "thread_id": "812",
            "caller": "0x7ffefc618e6e",
            "parentcaller": "0x7ffeaaca8b2f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000250"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x88\\x00\\x00\\x00\\x00\\x00<\\x10\\x00\\x00\\x00\\x00\\x00\\x00,\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "812"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-04-16 20:05:54,540",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa89c6fc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetVersionEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-04-16 20:05:54,540",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa89c879",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetVersionExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3ff980"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-04-16 20:05:54,540",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa89c6fc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetVersionEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-04-16 20:05:54,540",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa89c879",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetVersionExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3ff980"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-04-16 20:05:54,556",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000364"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\l_intl.nls"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-04-16 20:05:54,556",
            "thread_id": "812",
            "caller": "0x7ffefc617d77",
            "parentcaller": "0x7ffeaacee301",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000364"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\l_intl.nls"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\xc6&\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-04-16 20:05:54,556",
            "thread_id": "812",
            "caller": "0x7ffefc5e1e71",
            "parentcaller": "0x7ffefc5e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000370"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000364"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\l_intl.nls"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-04-16 20:05:54,556",
            "thread_id": "812",
            "caller": "0x7ffefc6147e6",
            "parentcaller": "0x7ffefc6146be",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000370"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00cf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ed800"
              },
              {
                "name": "ViewSize",
                "value": "0x00003000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-04-16 20:05:54,556",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeaacee39d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-04-16 20:05:54,556",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeaacee3a5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffeaa9b24d8",
            "parentcaller": "0x7ffeaa86ded8",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000370"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc617d77",
            "parentcaller": "0x7ffeaa990335",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000370"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x02\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5e1e71",
            "parentcaller": "0x7ffefc5e22f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000364"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000370"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc6147e6",
            "parentcaller": "0x7ffefc614692",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000364"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ee540"
              },
              {
                "name": "ViewSize",
                "value": "0x00021000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa9c5b7f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "AdvApi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd720000"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa9c5b7f",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefd720000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "AdvApi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c5bb2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CryptAcquireContextA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd737160"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c5bd6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CryptReleaseContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd737690"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c5bfa",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CryptCreateHash"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736b10"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c5c1e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CryptDestroyHash"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736dd0"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c5c42",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CryptHashData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736df0"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c5c66",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CryptGetHashParam"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736540"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c5c8a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CryptImportKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736a40"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c5cae",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CryptExportKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736a60"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c5cd2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CryptGenKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd74f530"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c5cf6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CryptGetKeyParam"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd74f570"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c5d1a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CryptDestroyKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd737010"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c5d3e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CryptVerifySignatureA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd74f6f0"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c5d62",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CryptSignHashA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd74f6b0"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c5d86",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CryptGetProvParam"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd74f590"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c5daa",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CryptGetUserKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd74f5b0"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c5dce",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CryptEnumProvidersA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd74f4f0"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffeaa851148",
            "parentcaller": "0x7ffeaa96654b",
            "category": "registry",
            "api": "RegOpenKeyExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\StrongName"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\StrongName"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa8598bc",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef230000"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa8598bc",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffeef230000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "mscoree.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa8598d8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef230000"
              },
              {
                "name": "FunctionName",
                "value": "GetMetaDataInternalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef2393c0"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef239486",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "GetMetaDataInternalInterface_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef2394f2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "GetMetaDataInternalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef090d40"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeef090da5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              },
              {
                "name": "FunctionName",
                "value": "GetMetaDataInternalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeaa871a38"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc618e13",
            "parentcaller": "0x7ffeaac9b2ad",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeaa9be345",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeaa9be356",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5d1ace",
            "parentcaller": "0x7ffeaa85a7d2",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5d1ace",
            "parentcaller": "0x7ffeaa85a7d2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              },
              {
                "name": "Milliseconds",
                "value": "3000"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5e4ced",
            "parentcaller": "0x7ffeaa9af8db",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffeaa98a445",
            "parentcaller": "0x7ffeaa8427a9",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion\\PublisherPolicy\\Default"
              },
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffeaa98a491",
            "parentcaller": "0x7ffeaa8427a9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Data",
                "value": "5"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000368"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\pubpol5.dat"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa98a54d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "index5"
              },
              {
                "name": "Data",
                "value": "\\x1f"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index5"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffeaa98a5ae",
            "parentcaller": "0x7ffeaa8427a9",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "LegacyPolicyTimeStamp"
              },
              {
                "name": "Data",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5dd3ec",
            "parentcaller": "0x7ffeaa857295",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC\\PublisherPolicy.tme"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5dd3ec",
            "parentcaller": "0x7ffeaa857295",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00be2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefc5daf23",
            "parentcaller": "0x7ffeaa857593",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><!--\r\n    Please refer to machine.config.comments for a description and\r\n    the default values of each configuration section.\r\n\r\n    For a full documentation of the schema please refer to\r\n    http://go.microsoft.com/"
              },
              {
                "name": "Length",
                "value": "4095"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-04-16 20:05:54,571",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00be5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffefc5daf23",
            "parentcaller": "0x7ffeaa857593",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "7a5c561934e089\">\r\n            <section name=\"schemaImporterExtensions\" type=\"System.Xml.Serialization.Configuration.SchemaImporterExtensionsSection, System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n            <section name"
              },
              {
                "name": "Length",
                "value": "18712"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeaa9d146e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa9dbcf5",
            "parentcaller": "0x7ffeaac12d57",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000364"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System.Windows.Forms__b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Windows.Forms__b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa95a730",
            "parentcaller": "0x7ffeaa95a49c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\61e7e666\\c991064"
              },
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa95a76c",
            "parentcaller": "0x7ffeaa95a49c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa95a7e1",
            "parentcaller": "0x7ffeaa95a49c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa95a7f5",
            "parentcaller": "0x7ffeaa95a49c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa8970de",
            "parentcaller": "0x7ffeaa936bcd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\61e7e666\\c991064\\e"
              },
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e"
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897146",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Windows.Forms,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa8971a4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ConfigMask"
              },
              {
                "name": "Data",
                "value": "4361"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\ConfigMask"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89720a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ConfigString"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\ConfigString"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897273",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "MVID"
              },
              {
                "name": "Data",
                "value": "\\xf5j\\x08\\xa5\\xbd\\xfd\\x91\\xd71n~:\\x8ebV7"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\MVID"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa897578",
            "parentcaller": "0x7ffeaa936bcd",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa8970de",
            "parentcaller": "0x7ffeaa936bcd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\61e7e666\\c991064\\e"
              },
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e"
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897318",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "EvalationData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\EvalationData"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89734b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\Status"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897393",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ILDependencies"
              },
              {
                "name": "Data",
                "value": "@\\xce]G\\xb6\\xf9\\x10\\x19\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00W\\x8d\\xab\\x19t&\\xa3.\\x07\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xac\\xd6-\\xb7\\xf8\\xf1%\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\xd4KB\\xd5\\x04\\xc5\\x0c\\x06\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00~L\\xc0AT\\xf5Wz\\x1d\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc5Y\\xed<\\x00\\xa2\\x0bb\\x0e\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00d\\x10\\x99\\x0cX\\xb0\\xeb\\x7f\\x1e\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\ILDependencies"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89746f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "NIDependencies"
              },
              {
                "name": "Data",
                "value": "\\xc68\\x19\\x18\\xc5\\xe2Py\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O|\\xbc0O\\xfeP?\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x06\\xca<\\xc0\\xd4\\xc7m\\x0f\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\NIDependencies"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897550",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "MissingDependencies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\MissingDependencies"
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa897578",
            "parentcaller": "0x7ffeaa936bcd",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa897812",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "IL\\475dce40\\1910f9b6\\2"
              },
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89786b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Security,2.0.0.0,,b03f5f7f11d50a3a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa8978bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\Status"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897944",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\Modules"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897988",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "\\x08\\x03VdL\\xe0}B\\xb3\\x80\\x140i\\xbf^\\xfcT0=\\xdb\\xb5\\x9b\\x9b[1\\xba\\xbe\\xf8I\\x1e\n\\x06G\\xa7\\xbf "
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\SIG"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897a0e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\xa3k\\xc9@\\x07\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa897a49",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa897812",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "IL\\19ab8d57\\2ea32674\\7"
              },
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89786b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Xml,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa8978bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\Status"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897944",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\Modules"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897988",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "\\xb2\\x1aNYhyhC\\xa1\\xe5\\x96\\xe9\\x9a\\xf9@\\xad\\x19-\\x99{\\x90v\\xc4\\xa3+&d\\x93s{\\x8e\\xce\\x92\\x18\\xc5\\xc6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\SIG"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897a0e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa897a49",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa897812",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "IL\\2dd6ac50\\25f1f8b7\\3"
              },
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89786b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "Accessibility,2.0.0.0,,b03f5f7f11d50a3a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa8978bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\Status"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897944",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\Modules"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897988",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "z\\xb1\\xaa^\\x82\\x82\\x9bJ\\x84\\x94\\xe5%\\x92\\xf5P\r\\xd2\\xaf\\x11Z\\xf2&\\x19R\\x02V\\x821_\\\\xabW\\xeb\\xe8\\xb4\\xef"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\SIG"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897a0e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa897a49",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa897812",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "IL\\424bd4d8\\cc504d5\\6"
              },
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89786b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Configuration,2.0.0.0,,b03f5f7f11d50a3a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa8978bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\Status"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897944",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\Modules"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897988",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": ";\\xf2\\x93\\x1d\\xca\\xffYI\\xab\\xdc&X\\x07\\xe4$-!M\\xd0D\\x87\\xd2\\xcbu\\xd7)\\x06\\xd2\\xf2\\x1b\\x07\n{\\xefi\\xab"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\SIG"
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897a0e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "Zk\\xb2'\\x07\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa897a49",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa897812",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "IL\\41c04c7e\\7a57f554\\1d"
              },
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89786b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa8978bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\Status"
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897944",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\Modules"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897988",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "P\\xd0O\\xcbR]\\x90@\\x85\\x86M\\x87\\x82\r\\xa8\\xdd~\\x17\\xf4\\xe2\\x84\\xca\\x8c\\xfd-\\xacs\\xce\\xf7 \\xc3/\\xb3\\xcft\\xbf"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\SIG"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897a0e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa897a49",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa897812",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "IL\\3ced59c5\\620ba200\\e"
              },
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89786b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Deployment,2.0.0.0,,b03f5f7f11d50a3a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa8978bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\Status"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897944",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\Modules"
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897988",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "\\xe1\\x8a\\xf5\\x0e\\xe2q\\x8bN\\x97\nB#\\x17\\x8a\\xe6\\xf3\\xe4i\\x1a\\xeeJVa\\\\xcb\\x0ff)\\x08UQ\\x86\\x80E\\x08\\x1a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\SIG"
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897a0e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa897a49",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa897812",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "IL\\c991064\\7febb058\\1e"
              },
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89786b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Windows.Forms,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa8978bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\Status"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897944",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\Modules"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897988",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "\\x84\\xda\\xb9\\xe2\\xe1\\5I\\x8c\\xe5a\\xb1\\xb8\\x91\\xd5\\xf7\\xeeKz\\x06#R\\x17\\xc9\\xbf0\\xed\\xbb\\x91p\\x9a#Zk@\\xd5"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\SIG"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897a0e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-04-16 20:05:54,587",
            "thread_id": "812",
            "caller": "0x7ffeaa897a49",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa8970de",
            "parentcaller": "0x7ffeaa936bcd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\30bc7c4f\\3f50fe4f\\8"
              },
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897146",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa8971a4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ConfigMask"
              },
              {
                "name": "Data",
                "value": "4361"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\ConfigMask"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89720a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ConfigString"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\ConfigString"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897273",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "MVID"
              },
              {
                "name": "Data",
                "value": "IjE\\xa0aK7\\xe8\\xf0&\r?*\\xda\\xbcR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\MVID"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897318",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "EvalationData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\EvalationData"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89734b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\Status"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897393",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ILDependencies"
              },
              {
                "name": "Data",
                "value": "\\xd8\\xd4KB\\xd5\\x04\\xc5\\x0c\\x06\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00W\\x8d\\xab\\x19t&\\xa3.\\x07\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O\\xfeP?\\xe6\\xad\\xb2G\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\ILDependencies"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89746f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "NIDependencies"
              },
              {
                "name": "Data",
                "value": "\\xc68\\x19\\x18\\xc5\\xe2Py\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\NIDependencies"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897550",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "MissingDependencies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\MissingDependencies"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa897578",
            "parentcaller": "0x7ffeaa936bcd",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa897812",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "IL\\3f50fe4f\\47b2ade6\\8"
              },
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89786b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa8978bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\Status"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897944",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\Modules"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897988",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "\\xd40\\\\x82\\xcf\\xa4LF\\xb7\\xeb\\xb8\\x14XT\\xd1\\xf81\\x82\\x8d\\xfa\\x12E\\x8d}\\x7f\\x90'\\xf5\\xa5\\x82\\xdb\\x0c\\x14c\\x12\\x1a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\SIG"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897a0e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa897a49",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa8970de",
            "parentcaller": "0x7ffeaa936bcd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\3cca06a0\\6dc7d4c0\\f"
              },
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f"
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897146",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Drawing,2.0.0.0,,b03f5f7f11d50a3a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa8971a4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ConfigMask"
              },
              {
                "name": "Data",
                "value": "4361"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\ConfigMask"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89720a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ConfigString"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\ConfigString"
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897273",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "MVID"
              },
              {
                "name": "Data",
                "value": "q\\x98\\x85\\x1e\\xdeF\\xae\\x046)\\xa6\\x10\\x91B/d"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\MVID"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897318",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "EvalationData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\EvalationData"
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89734b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\Status"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897393",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ILDependencies"
              },
              {
                "name": "Data",
                "value": "\\xc0\\xd4\\xc7m\\x16\\x96\\x94$\\x10\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\ILDependencies"
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89746f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "NIDependencies"
              },
              {
                "name": "Data",
                "value": "\\xc68\\x19\\x18\\xc5\\xe2Py\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O|\\xbc0O\\xfeP?\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\NIDependencies"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897550",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "MissingDependencies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\MissingDependencies"
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa897578",
            "parentcaller": "0x7ffeaa936bcd",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa897812",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "IL\\6dc7d4c0\\24949616\\10"
              },
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa89786b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Drawing,2.0.0.0,,b03f5f7f11d50a3a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa8978bd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\Status"
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897944",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\Modules"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897988",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "\\x7fX\\xbb\\xfa\\x0e\\xf2\\xcbD\\x91\\xf4^\\x19\\xf6\r\r\\x0c\\xab\\x0eq\\xfcgB\\x12\\xe3\\xe8\\xe5\\x99Q\\x80\\xb8\\x0bu\\xdc\\x16\\x14?"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\SIG"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa89763e",
            "parentcaller": "0x7ffeaa897a0e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa897a49",
            "parentcaller": "0x7ffeaa9444d0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa97b7a0",
            "parentcaller": "0x7ffeaa97b8b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL"
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa9dbcf5",
            "parentcaller": "0x7ffeaac12d57",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000364"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System.Drawing__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Drawing__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa97b7a0",
            "parentcaller": "0x7ffeaa97b8b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa9dbcf5",
            "parentcaller": "0x7ffeaac12d57",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000364"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System__b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System__b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa97b7a0",
            "parentcaller": "0x7ffeaa97b8b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "System,2.0.0.0,,b77a5c561934e089,MSIL"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System,2.0.0.0,,b77a5c561934e089,MSIL"
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa9dbcf5",
            "parentcaller": "0x7ffeaac12d57",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000364"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System.Xml__b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Xml__b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa97b7a0",
            "parentcaller": "0x7ffeaa97b8b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "System.Xml,2.0.0.0,,b77a5c561934e089,MSIL"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL"
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa9dbcf5",
            "parentcaller": "0x7ffeaac12d57",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000364"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System.Configuration__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Configuration__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffeaa97b7a0",
            "parentcaller": "0x7ffeaa97b8b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              },
              {
                "name": "Data",
                "value": "Zk\\xb2'\\x07\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              }
            ],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-04-16 20:05:54,602",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 811
          },
          {
            "timestamp": "2026-04-16 20:05:54,696",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa96e299",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\496a45a0614b37e8f0260d3f2adabc52\\System.ni"
              },
              {
                "name": "DllBase",
                "value": "0x7ffea8be0000"
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-04-16 20:05:54,696",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa96e299",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\496a45a0614b37e8f0260d3f2adabc52\\System.ni.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffea8be0000"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-04-16 20:05:54,712",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa96e299",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffea8be0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\496a45a0614b37e8f0260d3f2adabc52\\System.ni.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-04-16 20:05:54,712",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 815
          },
          {
            "timestamp": "2026-04-16 20:05:54,743",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa96e299",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Drawing\\7198851ede46ae043629a61091422f64\\System.Drawing.ni"
              },
              {
                "name": "DllBase",
                "value": "0x7ffea89a0000"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-04-16 20:05:54,774",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa96e299",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Drawing\\7198851ede46ae043629a61091422f64\\System.Drawing.ni.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffea89a0000"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-04-16 20:05:54,774",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa96e299",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffea89a0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Drawing\\7198851ede46ae043629a61091422f64\\System.Drawing.ni.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-04-16 20:05:54,806",
            "thread_id": "812",
            "caller": "0x7ffeaa9dbcf5",
            "parentcaller": "0x7ffeaac12d57",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000364"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System.Deployment__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Deployment__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-04-16 20:05:54,806",
            "thread_id": "812",
            "caller": "0x7ffeaa97b7a0",
            "parentcaller": "0x7ffeaa97b8b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              }
            ],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-04-16 20:05:54,806",
            "thread_id": "812",
            "caller": "0x7ffeaa9dbcf5",
            "parentcaller": "0x7ffeaac12d57",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000364"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-04-16 20:05:54,806",
            "thread_id": "812",
            "caller": "0x7ffeaa97b7a0",
            "parentcaller": "0x7ffeaa97b8b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-04-16 20:05:54,806",
            "thread_id": "812",
            "caller": "0x7ffeaa9dbcf5",
            "parentcaller": "0x7ffeaac12d57",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000364"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.Accessibility__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.Accessibility__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-04-16 20:05:54,806",
            "thread_id": "812",
            "caller": "0x7ffeaa97b7a0",
            "parentcaller": "0x7ffeaa97b8b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-04-16 20:05:54,806",
            "thread_id": "812",
            "caller": "0x7ffeaa9dbcf5",
            "parentcaller": "0x7ffeaac12d57",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000364"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System.Security__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Security__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-04-16 20:05:54,806",
            "thread_id": "812",
            "caller": "0x7ffeaa97b7a0",
            "parentcaller": "0x7ffeaa97b8b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              },
              {
                "name": "Data",
                "value": "\\xa3k\\xc9@\\x07\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-04-16 20:05:54,806",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 827
          },
          {
            "timestamp": "2026-04-16 20:05:54,821",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa96e299",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Windows.Forms\\f56a08a5bdfd91d7316e7e3a8e625637\\System.Windows.Forms.ni"
              },
              {
                "name": "DllBase",
                "value": "0x7ffea7900000"
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-04-16 20:05:54,821",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa96e299",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Windows.Forms\\f56a08a5bdfd91d7316e7e3a8e625637\\System.Windows.Forms.ni.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffea7900000"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-04-16 20:05:54,821",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa96e299",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffea7900000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Windows.Forms\\f56a08a5bdfd91d7316e7e3a8e625637\\System.Windows.Forms.ni.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-04-16 20:05:54,837",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 831
          },
          {
            "timestamp": "2026-04-16 20:05:54,837",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaa95dc8e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "MSCORWKS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-04-16 20:05:54,837",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaa95dc8e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscorjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-04-16 20:05:54,837",
            "thread_id": "812",
            "caller": "0x7ffefc5e147c",
            "parentcaller": "0x7ffeaa95e37e",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.INI"
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-04-16 20:05:54,837",
            "thread_id": "812",
            "caller": "0x7ffeaa9c9b88",
            "parentcaller": "0x7ffeaa997913",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\Policy\\APTCA"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\APTCA"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-04-16 20:05:54,852",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-04-16 20:05:54,852",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-04-16 20:05:54,852",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bf1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-04-16 20:05:54,852",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 839
          },
          {
            "timestamp": "2026-04-16 20:05:54,852",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaa95dc8e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "MSCORWKS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-04-16 20:05:54,852",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaa95dc8e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscorjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-04-16 20:05:54,852",
            "thread_id": "812",
            "caller": "0x7ffefc5e147c",
            "parentcaller": "0x7ffeaa95e37e",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.INI"
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-04-16 20:05:54,899",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffea95e4000"
              },
              {
                "name": "ModuleName",
                "value": "System.ni.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00005000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-04-16 20:05:54,899",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffea95e4000"
              },
              {
                "name": "ModuleName",
                "value": "System.ni.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00005000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-04-16 20:05:54,899",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bf3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-04-16 20:05:54,915",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b054000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-04-16 20:05:54,915",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bf4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-04-16 20:05:54,915",
            "thread_id": "812",
            "caller": "0x7ffefe3fc155",
            "parentcaller": "0x7ffeaa87c315",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 848
          },
          {
            "timestamp": "2026-04-16 20:05:54,915",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaa95dc8e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "MSCORWKS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-04-16 20:05:54,915",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffeaa95dc8e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscorjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-04-16 20:05:54,915",
            "thread_id": "812",
            "caller": "0x7ffefc5e147c",
            "parentcaller": "0x7ffeaa95e37e",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.INI"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-04-16 20:05:54,915",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffea8bcc000"
              },
              {
                "name": "ModuleName",
                "value": "System.Drawing.ni.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-04-16 20:05:54,915",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffea8bcc000"
              },
              {
                "name": "ModuleName",
                "value": "System.Drawing.ni.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-04-16 20:05:54,931",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffea8948000"
              },
              {
                "name": "ModuleName",
                "value": "System.Windows.Forms.ni.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00006000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-04-16 20:05:54,931",
            "thread_id": "812",
            "caller": "0x7ffefc614dd6",
            "parentcaller": "0x7ffeaac9db7f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffea8948000"
              },
              {
                "name": "ModuleName",
                "value": "System.Windows.Forms.ni.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00006000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-04-16 20:05:54,931",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bf6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-04-16 20:05:54,962",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b055000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-04-16 20:05:54,993",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bf8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-04-16 20:05:54,993",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bfb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-04-16 20:05:55,212",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bfe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-04-16 20:05:55,212",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-04-16 20:05:55,212",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c03000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-04-16 20:05:55,212",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c06000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-04-16 20:05:55,212",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c09000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-04-16 20:05:55,212",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c0c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-04-16 20:05:55,227",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b057000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-04-16 20:05:55,227",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b05c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-04-16 20:05:55,227",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b186000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-04-16 20:05:55,509",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa9a9c4e",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit"
              },
              {
                "name": "DllBase",
                "value": "0x7ffeac470000"
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-04-16 20:05:55,665",
            "thread_id": "812",
            "caller": "0x7ffeac5562d5",
            "parentcaller": "0x7ffeac555f31",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-04-16 20:05:55,743",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa9a9c4e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeac470000"
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-04-16 20:05:55,743",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeaa9a9c4e",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffeac470000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-04-16 20:05:55,743",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa9c586a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscorjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeac470000"
              },
              {
                "name": "FunctionName",
                "value": "getJit"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeac552a80"
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-04-16 20:05:55,743",
            "thread_id": "812",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscorwks.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-04-16 20:05:55,743",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeac552b81",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              },
              {
                "name": "FunctionName",
                "value": "GetCLRFunction"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeaa983ad8"
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-04-16 20:05:55,743",
            "thread_id": "812",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c0f000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-04-16 20:05:55,743",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeac5528a4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef230000"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-04-16 20:05:55,743",
            "thread_id": "812",
            "caller": "0x7ffefc5dae52",
            "parentcaller": "0x7ffeac5528a4",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffeef230000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "mscoree.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-04-16 20:05:55,743",
            "thread_id": "812",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeac5528c0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef230000"
              },
              {
                "name": "FunctionName",
                "value": "IEE"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef238ea0"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-04-16 20:05:55,743",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-04-16 20:05:55,743",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-04-16 20:05:55,759",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-04-16 20:05:55,806",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b190000"
              },
              {
                "name": "RegionSize",
                "value": "0x00040000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-04-16 20:05:56,009",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b190000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-04-16 20:05:56,009",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b187000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-04-16 20:05:56,009",
            "thread_id": "812",
            "caller": "0x7ffefe8b8466",
            "parentcaller": "0x7ffeaa9aad13",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-04-16 20:05:56,009",
            "thread_id": "812",
            "caller": "0x7ffefe86354a",
            "parentcaller": "0x7ffefe862252",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe9d1000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-04-16 20:05:56,009",
            "thread_id": "812",
            "caller": "0x7ffefe86354a",
            "parentcaller": "0x7ffefe862296",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe9d1000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 888
          },
          {
            "timestamp": "2026-04-16 20:05:56,134",
            "thread_id": "812",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-04-16 20:05:56,290",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000364"
              },
              {
                "name": "SubKey",
                "value": "policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-04-16 20:05:56,290",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\1c22df2f\\4f99a7c9"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c22df2f\\4f99a7c9"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-04-16 20:05:56,290",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_64\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-04-16 20:05:56,290",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-04-16 20:05:56,290",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-04-16 20:05:56,290",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x5591a465d8c",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 895
          },
          {
            "timestamp": "2026-04-16 20:05:56,290",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x5591a465ddc",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000374"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 896
          },
          {
            "timestamp": "2026-04-16 20:05:56,431",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x5591a465ddc",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000037c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000374"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              }
            ],
            "repeated": 0,
            "id": 897
          },
          {
            "timestamp": "2026-04-16 20:05:56,431",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x5591a46524c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x4000000e",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000037c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007e8ba0"
              },
              {
                "name": "ViewSize",
                "value": "0x000a6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-04-16 20:05:56,431",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x5591a46524c",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x4000000e",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000037c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dbf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007e8ba0"
              },
              {
                "name": "ViewSize",
                "value": "0x000a6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-04-16 20:05:56,431",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x5591a465d4c",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 900
          },
          {
            "timestamp": "2026-04-16 20:05:56,852",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 901
          },
          {
            "timestamp": "2026-04-16 20:05:56,852",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.INI"
              }
            ],
            "repeated": 0,
            "id": 902
          },
          {
            "timestamp": "2026-04-16 20:05:57,118",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-04-16 20:05:57,118",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 904
          },
          {
            "timestamp": "2026-04-16 20:05:57,118",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1dc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-04-16 20:05:57,118",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b058000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 906
          },
          {
            "timestamp": "2026-04-16 20:05:57,181",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1de000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-04-16 20:05:57,181",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-04-16 20:05:57,290",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-04-16 20:05:57,290",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000374"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-04-16 20:05:57,290",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 911
          },
          {
            "timestamp": "2026-04-16 20:05:57,290",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000002"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e00000"
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-04-16 20:05:57,290",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x04e00000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000009"
              }
            ],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-04-16 20:05:57,290",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 914
          },
          {
            "timestamp": "2026-04-16 20:05:57,446",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b059000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-04-16 20:05:57,556",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 916
          },
          {
            "timestamp": "2026-04-16 20:05:57,556",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 917
          },
          {
            "timestamp": "2026-04-16 20:05:57,556",
            "thread_id": "812",
            "caller": "0x7ffe4b190129",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02800000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-04-16 20:05:58,384",
            "thread_id": "812",
            "caller": "0x7ffe4b1902d9",
            "parentcaller": "0x7ffe4b190129",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 919
          },
          {
            "timestamp": "2026-04-16 20:05:58,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 920
          },
          {
            "timestamp": "2026-04-16 20:05:59,415",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\VERSION.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 921
          },
          {
            "timestamp": "2026-04-16 20:05:59,415",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\VERSION.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-04-16 20:05:59,415",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "VERSION.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffef5730000"
              }
            ],
            "repeated": 0,
            "id": 923
          },
          {
            "timestamp": "2026-04-16 20:05:59,415",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffef5730000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "VERSION.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-04-16 20:05:59,415",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffef5730000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoSizeW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffef57310b0"
              }
            ],
            "repeated": 0,
            "id": 925
          },
          {
            "timestamp": "2026-04-16 20:05:59,415",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "filesystem",
            "api": "GetFileVersionInfoSizeW",
            "status": true,
            "return": "0x000007a4",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              }
            ],
            "repeated": 0,
            "id": 926
          },
          {
            "timestamp": "2026-04-16 20:05:59,415",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffef5730000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffef57310d0"
              }
            ],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-04-16 20:05:59,415",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "filesystem",
            "api": "GetFileVersionInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-04-16 20:05:59,415",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffef5730000"
              },
              {
                "name": "FunctionName",
                "value": "VerQueryValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffef5731050"
              }
            ],
            "repeated": 0,
            "id": 929
          },
          {
            "timestamp": "2026-04-16 20:05:59,446",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-04-16 20:05:59,462",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 931
          },
          {
            "timestamp": "2026-04-16 20:05:59,462",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02830000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 932
          },
          {
            "timestamp": "2026-04-16 20:05:59,462",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-04-16 20:05:59,462",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02830000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-04-16 20:05:59,462",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-04-16 20:05:59,462",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c0e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-04-16 20:05:59,462",
            "thread_id": "812",
            "caller": "0x7ffe4b19047b",
            "parentcaller": "0x7ffe4b190134",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bfb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-04-16 20:05:59,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-04-16 20:05:59,524",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-04-16 20:05:59,587",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b10b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-04-16 20:05:59,618",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b04a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 941
          },
          {
            "timestamp": "2026-04-16 20:05:59,618",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 942
          },
          {
            "timestamp": "2026-04-16 20:05:59,618",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe9d1000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-04-16 20:05:59,618",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe9d1000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-04-16 20:05:59,634",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 945
          },
          {
            "timestamp": "2026-04-16 20:05:59,634",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\ru-ru.nlp"
              }
            ],
            "repeated": 0,
            "id": 946
          },
          {
            "timestamp": "2026-04-16 20:05:59,634",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-04-16 20:05:59,634",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserDefaultUILanguage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe400b30"
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-04-16 20:05:59,634",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c0e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-04-16 20:05:59,634",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-04-16 20:05:59,712",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bfb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-04-16 20:05:59,712",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c24000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-04-16 20:05:59,759",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe850000"
              }
            ],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-04-16 20:05:59,759",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefe850000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-04-16 20:05:59,759",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe850000"
              },
              {
                "name": "FunctionName",
                "value": "NtQuerySystemInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8ed6b0"
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-04-16 20:05:59,759",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "206"
              }
            ],
            "repeated": 0,
            "id": 956
          },
          {
            "timestamp": "2026-04-16 20:05:59,759",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-04-16 20:05:59,759",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c0e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-04-16 20:05:59,759",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bfb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-04-16 20:05:59,759",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b05a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 960
          },
          {
            "timestamp": "2026-04-16 20:05:59,759",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 961
          },
          {
            "timestamp": "2026-04-16 20:05:59,759",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe9d1000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 962
          },
          {
            "timestamp": "2026-04-16 20:05:59,759",
            "thread_id": "812",
            "caller": "0x7ffe4b190608",
            "parentcaller": "0x7ffe4b19047b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe9d1000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-04-16 20:05:59,884",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd9e0000"
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-04-16 20:05:59,884",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefd9e0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "user32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-04-16 20:05:59,884",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterWindowMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 966
          },
          {
            "timestamp": "2026-04-16 20:05:59,884",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterWindowMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda06af0"
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-04-16 20:05:59,899",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b06f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 968
          },
          {
            "timestamp": "2026-04-16 20:05:59,993",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemMetrics"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda00e50"
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-04-16 20:06:00,009",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b0a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-04-16 20:06:00,024",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b073000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 971
          },
          {
            "timestamp": "2026-04-16 20:06:00,243",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b05b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-04-16 20:06:00,321",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b200000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 973
          },
          {
            "timestamp": "2026-04-16 20:06:00,321",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b200000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-04-16 20:06:00,321",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-04-16 20:06:00,321",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe9d1000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 976
          },
          {
            "timestamp": "2026-04-16 20:06:00,321",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe9d1000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-04-16 20:06:00,321",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "AdjustWindowRectEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9f65d0"
              }
            ],
            "repeated": 0,
            "id": 978
          },
          {
            "timestamp": "2026-04-16 20:06:00,321",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404880"
              }
            ],
            "repeated": 0,
            "id": 979
          },
          {
            "timestamp": "2026-04-16 20:06:00,321",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentThread"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3f58a0"
              }
            ],
            "repeated": 0,
            "id": 980
          },
          {
            "timestamp": "2026-04-16 20:06:00,321",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "DuplicateHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe4048f0"
              }
            ],
            "repeated": 0,
            "id": 981
          },
          {
            "timestamp": "2026-04-16 20:06:00,321",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000384"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 982
          },
          {
            "timestamp": "2026-04-16 20:06:00,337",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentThreadId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3f5550"
              }
            ],
            "repeated": 0,
            "id": 983
          },
          {
            "timestamp": "2026-04-16 20:06:00,337",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b066000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 984
          },
          {
            "timestamp": "2026-04-16 20:06:00,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b201000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 985
          },
          {
            "timestamp": "2026-04-16 20:06:00,399",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "lstrlen"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3faab0"
              }
            ],
            "repeated": 0,
            "id": 986
          },
          {
            "timestamp": "2026-04-16 20:06:00,399",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "lstrlenW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3f7000"
              }
            ],
            "repeated": 0,
            "id": 987
          },
          {
            "timestamp": "2026-04-16 20:06:00,399",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 988
          },
          {
            "timestamp": "2026-04-16 20:06:00,399",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleHandleW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fd130"
              }
            ],
            "repeated": 0,
            "id": 989
          },
          {
            "timestamp": "2026-04-16 20:06:00,399",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              }
            ],
            "repeated": 0,
            "id": 990
          },
          {
            "timestamp": "2026-04-16 20:06:00,399",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcAddress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3faec0"
              }
            ],
            "repeated": 0,
            "id": 991
          },
          {
            "timestamp": "2026-04-16 20:06:00,399",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetACP"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fe060"
              }
            ],
            "repeated": 0,
            "id": 992
          },
          {
            "timestamp": "2026-04-16 20:06:00,477",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\NLS_CodePage_1251_3_2_0_0"
              }
            ],
            "repeated": 0,
            "id": 993
          },
          {
            "timestamp": "2026-04-16 20:06:00,477",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "NLS_CodePage_1251_3_2_0_0"
              }
            ],
            "repeated": 0,
            "id": 994
          },
          {
            "timestamp": "2026-04-16 20:06:00,477",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000380"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\NLS_CodePage_1251_3_2_0_0"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 995
          },
          {
            "timestamp": "2026-04-16 20:06:00,477",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000380"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02860000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007eca70"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 996
          },
          {
            "timestamp": "2026-04-16 20:06:00,477",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "UnmapViewOfFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fe000"
              }
            ],
            "repeated": 0,
            "id": 997
          },
          {
            "timestamp": "2026-04-16 20:06:00,477",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "CloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe4048e0"
              }
            ],
            "repeated": 0,
            "id": 998
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd110000"
              }
            ],
            "repeated": 0,
            "id": 999
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefd110000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1000
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd110000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefcd631b0"
              }
            ],
            "repeated": 0,
            "id": 1001
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "DefWindowProcW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8eccd0"
              }
            ],
            "repeated": 0,
            "id": 1002
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd110000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefcd61ea0"
              }
            ],
            "repeated": 0,
            "id": 1003
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd7d0000"
              }
            ],
            "repeated": 0,
            "id": 1004
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefd7d0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "gdi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1005
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd7d0000"
              },
              {
                "name": "FunctionName",
                "value": "GetStockObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd7d3910"
              }
            ],
            "repeated": 0,
            "id": 1006
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 1007
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b043000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1008
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 1,
            "id": 1009
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClass"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1010
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9e72f0"
              }
            ],
            "repeated": 0,
            "id": 1011
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd110000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefcd631b0"
              }
            ],
            "repeated": 0,
            "id": 1012
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00bfb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1013
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd110000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefcd61ea0"
              }
            ],
            "repeated": 0,
            "id": 1014
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWindowEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1015
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWindowExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9e7720"
              }
            ],
            "repeated": 0,
            "id": 1016
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowLongPtr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1017
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowLongPtrW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9eb7c0"
              }
            ],
            "repeated": 0,
            "id": 1018
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowLongPtr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1019
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowLongPtrW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9ef830"
              }
            ],
            "repeated": 0,
            "id": 1020
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b115000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1021
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "advapi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd720000"
              }
            ],
            "repeated": 0,
            "id": 1022
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefd720000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "advapi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1023
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegCloseKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736af0"
              }
            ],
            "repeated": 0,
            "id": 1024
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1025
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736010"
              }
            ],
            "repeated": 0,
            "id": 1026
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 1027
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1028
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd735ff0"
              }
            ],
            "repeated": 0,
            "id": 1029
          },
          {
            "timestamp": "2026-04-16 20:06:00,509",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DbgJITDebugLaunchSetting"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\DbgJITDebugLaunchSetting"
              }
            ],
            "repeated": 0,
            "id": 1030
          },
          {
            "timestamp": "2026-04-16 20:06:00,524",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DbgManagedDebugger"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\DbgManagedDebugger"
              }
            ],
            "repeated": 0,
            "id": 1031
          },
          {
            "timestamp": "2026-04-16 20:06:00,524",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 1032
          },
          {
            "timestamp": "2026-04-16 20:06:00,524",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowLongPtr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1033
          },
          {
            "timestamp": "2026-04-16 20:06:00,524",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowLongPtrW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9eb7c0"
              }
            ],
            "repeated": 0,
            "id": 1034
          },
          {
            "timestamp": "2026-04-16 20:06:00,524",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "CallWindowProc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1035
          },
          {
            "timestamp": "2026-04-16 20:06:00,524",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "CallWindowProcW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9ee460"
              }
            ],
            "repeated": 0,
            "id": 1036
          },
          {
            "timestamp": "2026-04-16 20:06:00,524",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetClientRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9f2d30"
              }
            ],
            "repeated": 0,
            "id": 1037
          },
          {
            "timestamp": "2026-04-16 20:06:00,524",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9f46e0"
              }
            ],
            "repeated": 0,
            "id": 1038
          },
          {
            "timestamp": "2026-04-16 20:06:00,524",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b202000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1039
          },
          {
            "timestamp": "2026-04-16 20:06:00,524",
            "thread_id": "812",
            "caller": "0x7ffe4b190932",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetParent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9fdd20"
              }
            ],
            "repeated": 0,
            "id": 1040
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1041
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\uxtheme.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 1042
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffef9980000"
              }
            ],
            "repeated": 0,
            "id": 1043
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffef9980000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "uxtheme.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1044
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffef9980000"
              },
              {
                "name": "FunctionName",
                "value": "IsAppThemed"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffef999d440"
              }
            ],
            "repeated": 0,
            "id": 1045
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffef9980000"
              },
              {
                "name": "FunctionName",
                "value": "IsAppThemedW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1046
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Sessions\\1\\Windows\\ThemeSection"
              }
            ],
            "repeated": 0,
            "id": 1047
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02830000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ed850"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1048
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02830000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1049
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 1050
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1051
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Sessions\\1\\Windows\\ThemeSection"
              }
            ],
            "repeated": 0,
            "id": 1052
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02830000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ed880"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1053
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02830000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1054
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 1055
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateActCtx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1056
          },
          {
            "timestamp": "2026-04-16 20:06:00,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateActCtxA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe401bc0"
              }
            ],
            "repeated": 0,
            "id": 1057
          },
          {
            "timestamp": "2026-04-16 20:06:00,665",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1058
          },
          {
            "timestamp": "2026-04-16 20:06:00,727",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000388"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004",
                "pretty_value": "SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll"
              }
            ],
            "repeated": 0,
            "id": 1059
          },
          {
            "timestamp": "2026-04-16 20:06:00,727",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x4000000e",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000388"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x004ce000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1060
          },
          {
            "timestamp": "2026-04-16 20:06:00,727",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 1061
          },
          {
            "timestamp": "2026-04-16 20:06:00,727",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000038c"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 1062
          },
          {
            "timestamp": "2026-04-16 20:06:00,727",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 1063
          },
          {
            "timestamp": "2026-04-16 20:06:00,727",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 1064
          },
          {
            "timestamp": "2026-04-16 20:06:00,727",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 1065
          },
          {
            "timestamp": "2026-04-16 20:06:00,727",
            "thread_id": "812",
            "caller": "0x7ffe4b1909a1",
            "parentcaller": "0x7ffe4b190608",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1066
          },
          {
            "timestamp": "2026-04-16 20:06:00,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentActCtx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe401f80"
              }
            ],
            "repeated": 0,
            "id": 1067
          },
          {
            "timestamp": "2026-04-16 20:06:00,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "ActivateActCtx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe400080"
              }
            ],
            "repeated": 0,
            "id": 1068
          },
          {
            "timestamp": "2026-04-16 20:06:00,743",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c0e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1069
          },
          {
            "timestamp": "2026-04-16 20:06:00,743",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b203000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1070
          },
          {
            "timestamp": "2026-04-16 20:06:00,852",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 1071
          },
          {
            "timestamp": "2026-04-16 20:06:00,852",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000388"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "MSCTF.dll"
              }
            ],
            "repeated": 0,
            "id": 1072
          },
          {
            "timestamp": "2026-04-16 20:06:00,852",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000388"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe6c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00115000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1073
          },
          {
            "timestamp": "2026-04-16 20:06:00,852",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe7d1000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1074
          },
          {
            "timestamp": "2026-04-16 20:06:00,852",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe79c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1075
          },
          {
            "timestamp": "2026-04-16 20:06:00,852",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 1076
          },
          {
            "timestamp": "2026-04-16 20:06:00,852",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe79c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1077
          },
          {
            "timestamp": "2026-04-16 20:06:00,852",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\t\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1078
          },
          {
            "timestamp": "2026-04-16 20:06:00,852",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\MSCTF"
              },
              {
                "name": "DllBase",
                "value": "0x7ffefe6c0000"
              }
            ],
            "repeated": 0,
            "id": 1079
          },
          {
            "timestamp": "2026-04-16 20:06:00,852",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\System32\\msctf"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe6c0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ffefe7009c0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1080
          },
          {
            "timestamp": "2026-04-16 20:06:00,852",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe809000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1081
          },
          {
            "timestamp": "2026-04-16 20:06:00,852",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe809000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1082
          },
          {
            "timestamp": "2026-04-16 20:06:00,852",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 1083
          },
          {
            "timestamp": "2026-04-16 20:06:00,852",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 1084
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe809000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1085
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe809000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1086
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd7f6000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1087
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd7f6000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1088
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000394"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Sessions\\1\\Windows\\ThemeSection"
              }
            ],
            "repeated": 0,
            "id": 1089
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000394"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02880000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ec170"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1090
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000390"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Windows\\Theme3753190323"
              }
            ],
            "repeated": 0,
            "id": 1091
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000398"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Sessions\\1\\Windows\\Theme4068553709"
              }
            ],
            "repeated": 0,
            "id": 1092
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02880000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1093
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 1094
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000390"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ec890"
              },
              {
                "name": "ViewSize",
                "value": "0x000e2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1095
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000398"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02880000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ec890"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1096
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe850000"
              }
            ],
            "repeated": 0,
            "id": 1097
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe850000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8593b0"
              }
            ],
            "repeated": 0,
            "id": 1098
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe850000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8efc40"
              }
            ],
            "repeated": 0,
            "id": 1099
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe850000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8924a0"
              }
            ],
            "repeated": 0,
            "id": 1100
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe850000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8cf9a0"
              }
            ],
            "repeated": 0,
            "id": 1101
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe850000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8acbc0"
              }
            ],
            "repeated": 0,
            "id": 1102
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe850000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8b3380"
              }
            ],
            "repeated": 0,
            "id": 1103
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4156:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1104
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1105
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1106
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1107
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1108
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1109
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1110
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1111
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 1112
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 1113
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 1114
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 1115
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowTextLength"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1116
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowTextLengthW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9ea200"
              }
            ],
            "repeated": 0,
            "id": 1117
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowText"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1118
          },
          {
            "timestamp": "2026-04-16 20:06:00,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowTextW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9ec2f0"
              }
            ],
            "repeated": 0,
            "id": 1119
          },
          {
            "timestamp": "2026-04-16 20:06:01,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessWindowStation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda14160"
              }
            ],
            "repeated": 0,
            "id": 1120
          },
          {
            "timestamp": "2026-04-16 20:06:01,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserObjectInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1121
          },
          {
            "timestamp": "2026-04-16 20:06:01,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserObjectInformationA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda0c3f0"
              }
            ],
            "repeated": 0,
            "id": 1122
          },
          {
            "timestamp": "2026-04-16 20:06:01,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "SetConsoleCtrlHandler"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe405390"
              }
            ],
            "repeated": 0,
            "id": 1123
          },
          {
            "timestamp": "2026-04-16 20:06:01,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "SetConsoleCtrlHandlerW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1124
          },
          {
            "timestamp": "2026-04-16 20:06:01,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1125
          },
          {
            "timestamp": "2026-04-16 20:06:01,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleHandleW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fd130"
              }
            ],
            "repeated": 0,
            "id": 1126
          },
          {
            "timestamp": "2026-04-16 20:06:01,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetClassInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1127
          },
          {
            "timestamp": "2026-04-16 20:06:01,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetClassInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9e7070"
              }
            ],
            "repeated": 0,
            "id": 1128
          },
          {
            "timestamp": "2026-04-16 20:06:01,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClass"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1129
          },
          {
            "timestamp": "2026-04-16 20:06:01,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9e72f0"
              }
            ],
            "repeated": 0,
            "id": 1130
          },
          {
            "timestamp": "2026-04-16 20:06:01,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02852000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1131
          },
          {
            "timestamp": "2026-04-16 20:06:01,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 1132
          },
          {
            "timestamp": "2026-04-16 20:06:01,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003a0"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 1133
          },
          {
            "timestamp": "2026-04-16 20:06:01,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              }
            ],
            "repeated": 0,
            "id": 1134
          },
          {
            "timestamp": "2026-04-16 20:06:01,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x040c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1135
          },
          {
            "timestamp": "2026-04-16 20:06:01,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x040c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1136
          },
          {
            "timestamp": "2026-04-16 20:06:01,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWindowEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1137
          },
          {
            "timestamp": "2026-04-16 20:06:01,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWindowExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9e7720"
              }
            ],
            "repeated": 0,
            "id": 1138
          },
          {
            "timestamp": "2026-04-16 20:06:01,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "DefWindowProc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1139
          },
          {
            "timestamp": "2026-04-16 20:06:01,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "DefWindowProcW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8eccd0"
              }
            ],
            "repeated": 0,
            "id": 1140
          },
          {
            "timestamp": "2026-04-16 20:06:01,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b060000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1141
          },
          {
            "timestamp": "2026-04-16 20:06:01,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetStartupInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1142
          },
          {
            "timestamp": "2026-04-16 20:06:01,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetStartupInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fd830"
              }
            ],
            "repeated": 0,
            "id": 1143
          },
          {
            "timestamp": "2026-04-16 20:06:01,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowPlacement"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda142e0"
              }
            ],
            "repeated": 0,
            "id": 1144
          },
          {
            "timestamp": "2026-04-16 20:06:01,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b204000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1145
          },
          {
            "timestamp": "2026-04-16 20:06:01,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd52000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1146
          },
          {
            "timestamp": "2026-04-16 20:06:01,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000394"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 1147
          },
          {
            "timestamp": "2026-04-16 20:06:01,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000394"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 1148
          },
          {
            "timestamp": "2026-04-16 20:06:01,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 1149
          },
          {
            "timestamp": "2026-04-16 20:06:01,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x040d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1150
          },
          {
            "timestamp": "2026-04-16 20:06:01,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x040d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1151
          },
          {
            "timestamp": "2026-04-16 20:06:01,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd54000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1152
          },
          {
            "timestamp": "2026-04-16 20:06:01,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd55000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1153
          },
          {
            "timestamp": "2026-04-16 20:06:01,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd56000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1154
          },
          {
            "timestamp": "2026-04-16 20:06:01,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05322000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1155
          },
          {
            "timestamp": "2026-04-16 20:06:01,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemMetrics"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda00e50"
              }
            ],
            "repeated": 0,
            "id": 1156
          },
          {
            "timestamp": "2026-04-16 20:06:01,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda06130"
              }
            ],
            "repeated": 0,
            "id": 1157
          },
          {
            "timestamp": "2026-04-16 20:06:01,290",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd7d0000"
              },
              {
                "name": "FunctionName",
                "value": "GetDeviceCaps"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd7d3290"
              }
            ],
            "repeated": 0,
            "id": 1158
          },
          {
            "timestamp": "2026-04-16 20:06:01,571",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcessId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404890"
              }
            ],
            "repeated": 0,
            "id": 1159
          },
          {
            "timestamp": "2026-04-16 20:06:01,571",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcessIdW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1160
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b210000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1161
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b210000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1162
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1163
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe9d1000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1164
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe9d1000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1165
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "FindAtom"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1166
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "FindAtomW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3f2d10"
              }
            ],
            "repeated": 0,
            "id": 1167
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "AddAtom"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1168
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "AddAtomW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3f28f0"
              }
            ],
            "repeated": 0,
            "id": 1169
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef230000"
              }
            ],
            "repeated": 0,
            "id": 1170
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffeef230000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "mscoree.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1171
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef230000"
              },
              {
                "name": "FunctionName",
                "value": "LoadLibraryShim"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef236960"
              }
            ],
            "repeated": 0,
            "id": 1172
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "LoadLibraryShim_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1173
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "LoadLibraryShim"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef0a80e0"
              }
            ],
            "repeated": 0,
            "id": 1174
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Gdiplus.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1175
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Gdiplus.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 1176
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_919e9136cc8d4791\\gdiplus"
              },
              {
                "name": "DllBase",
                "value": "0x7ffed40d0000"
              }
            ],
            "repeated": 0,
            "id": 1177
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdiplus.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffed40d0000"
              }
            ],
            "repeated": 0,
            "id": 1178
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffed40d0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "gdiplus.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1179
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1180
          },
          {
            "timestamp": "2026-04-16 20:06:01,587",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffed40d0000"
              },
              {
                "name": "FunctionName",
                "value": "GdiplusStartup"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffed40d7280"
              }
            ],
            "repeated": 0,
            "id": 1181
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "HeapCreate",
            "status": true,
            "return": "0x1df30000",
            "arguments": [
              {
                "name": "Options",
                "value": "0"
              },
              {
                "name": "InitialSize",
                "value": "0x00000000"
              },
              {
                "name": "MaximumSize",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1182
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1183
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd7f6000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1184
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd7f6000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1185
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              }
            ],
            "repeated": 0,
            "id": 1186
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9f05c0"
              }
            ],
            "repeated": 0,
            "id": 1187
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetAncestor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda13e30"
              }
            ],
            "repeated": 0,
            "id": 1188
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetMonitorInfoA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda0dbe0"
              }
            ],
            "repeated": 0,
            "id": 1189
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "EnumDisplayMonitors"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda13dd0"
              }
            ],
            "repeated": 0,
            "id": 1190
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "EnumDisplayDevicesA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9e8c30"
              }
            ],
            "repeated": 0,
            "id": 1191
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd7f6000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1192
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd7f6000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1193
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": true,
            "return": "0x00000400",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "78"
              }
            ],
            "repeated": 0,
            "id": 1194
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": true,
            "return": "0x00000300",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "79"
              }
            ],
            "repeated": 0,
            "id": 1195
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd7f6000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1196
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd7f6000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1197
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd7d0000"
              }
            ],
            "repeated": 0,
            "id": 1198
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd7d0000"
              },
              {
                "name": "FunctionName",
                "value": "ExtTextOutW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd7d36d0"
              }
            ],
            "repeated": 0,
            "id": 1199
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd7d0000"
              },
              {
                "name": "FunctionName",
                "value": "GdiIsMetaPrintDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd7d9c00"
              }
            ],
            "repeated": 0,
            "id": 1200
          },
          {
            "timestamp": "2026-04-16 20:06:01,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_919e9136cc8d4791\\GdiPlus.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffed40d0000"
              }
            ],
            "repeated": 0,
            "id": 1201
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffed40d0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_919e9136cc8d4791\\gdiplus.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1202
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffed40d9020"
              },
              {
                "name": "Parameter",
                "value": "0x1df31ef0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3140"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              },
              {
                "name": "Module",
                "value": "gdiplus.dll"
              }
            ],
            "repeated": 0,
            "id": 1203
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000003a4",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffed40d9020"
              },
              {
                "name": "Parameter",
                "value": "0x1df31ef0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "3140"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 1204
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "ReleaseDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda03b40"
              }
            ],
            "repeated": 0,
            "id": 1205
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "3140",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 1206
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "3140",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1207
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "3140",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffed40d9020"
              },
              {
                "name": "Parameter",
                "value": "0x1df31ef0"
              }
            ],
            "repeated": 0,
            "id": 1208
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateIconFromResourceEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda05850"
              }
            ],
            "repeated": 0,
            "id": 1209
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "3140",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1df32000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1210
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd7f6000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1211
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd7f6000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1212
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd7f6000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1213
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd7f6000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1214
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "3140",
            "caller": "0x7ffefda01de0",
            "parentcaller": "0x7ffefda01d83",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ffed40d0000"
              },
              {
                "name": "Type",
                "value": "#4"
              },
              {
                "name": "Name",
                "value": "GDI+ Hook Window"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1215
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "3140",
            "caller": "0x7ffefe886798",
            "parentcaller": "0x7ffefc623c03",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 1216
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "3140",
            "caller": "0x7ffefe8867b9",
            "parentcaller": "0x7ffefc623c03",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              }
            ],
            "repeated": 0,
            "id": 1217
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1218
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9ed5b0"
              }
            ],
            "repeated": 0,
            "id": 1219
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemMenu"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda141f0"
              }
            ],
            "repeated": 0,
            "id": 1220
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "3140",
            "caller": "0x7ffefc5eb14b",
            "parentcaller": "0x7ffed40d958e",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003bc"
              }
            ],
            "repeated": 0,
            "id": 1221
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "3140",
            "caller": "0x7ffefc5dac8b",
            "parentcaller": "0x7ffed40d95ba",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "26"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1222
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "3140",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffed40d95d6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              }
            ],
            "repeated": 0,
            "id": 1223
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x040f07d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "Type",
                "value": "#4"
              },
              {
                "name": "Name",
                "value": "#16"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1224
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x040f11fc",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x040f07d0"
              }
            ],
            "repeated": 0,
            "id": 1225
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b205000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1226
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "EnableMenuItem"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9ff830"
              }
            ],
            "repeated": 0,
            "id": 1227
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1228
          },
          {
            "timestamp": "2026-04-16 20:06:01,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9ed5b0"
              }
            ],
            "repeated": 0,
            "id": 1229
          },
          {
            "timestamp": "2026-04-16 20:06:01,665",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowPos"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda14d00"
              }
            ],
            "repeated": 0,
            "id": 1230
          },
          {
            "timestamp": "2026-04-16 20:06:01,665",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "RedrawWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda14820"
              }
            ],
            "repeated": 0,
            "id": 1231
          },
          {
            "timestamp": "2026-04-16 20:06:01,665",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "ShowWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda14d60"
              }
            ],
            "repeated": 0,
            "id": 1232
          },
          {
            "timestamp": "2026-04-16 20:06:01,696",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1233
          },
          {
            "timestamp": "2026-04-16 20:06:01,696",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9ed5b0"
              }
            ],
            "repeated": 0,
            "id": 1234
          },
          {
            "timestamp": "2026-04-16 20:06:01,696",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b206000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1235
          },
          {
            "timestamp": "2026-04-16 20:06:01,712",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowThreadProcessId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9e3500"
              }
            ],
            "repeated": 0,
            "id": 1236
          },
          {
            "timestamp": "2026-04-16 20:06:01,712",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "PostMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1237
          },
          {
            "timestamp": "2026-04-16 20:06:01,712",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "PostMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda01040"
              }
            ],
            "repeated": 0,
            "id": 1238
          },
          {
            "timestamp": "2026-04-16 20:06:01,712",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0003018c"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 1239
          },
          {
            "timestamp": "2026-04-16 20:06:01,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd110000"
              },
              {
                "name": "FunctionName",
                "value": "OleInitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd11d120"
              }
            ],
            "repeated": 0,
            "id": 1240
          },
          {
            "timestamp": "2026-04-16 20:06:01,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 1241
          },
          {
            "timestamp": "2026-04-16 20:06:01,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1242
          },
          {
            "timestamp": "2026-04-16 20:06:01,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 1243
          },
          {
            "timestamp": "2026-04-16 20:06:01,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "OleDropTargetInterface"
              },
              {
                "name": "Atom",
                "value": "0x0000c01b"
              }
            ],
            "repeated": 0,
            "id": 1244
          },
          {
            "timestamp": "2026-04-16 20:06:01,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "OleDropTargetMarshalHwnd"
              },
              {
                "name": "Atom",
                "value": "0x0000c01c"
              }
            ],
            "repeated": 0,
            "id": 1245
          },
          {
            "timestamp": "2026-04-16 20:06:01,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd110000"
              },
              {
                "name": "FunctionName",
                "value": "CoRegisterMessageFilter"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd138030"
              }
            ],
            "repeated": 0,
            "id": 1246
          },
          {
            "timestamp": "2026-04-16 20:06:01,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd220000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1247
          },
          {
            "timestamp": "2026-04-16 20:06:01,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd220000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1248
          },
          {
            "timestamp": "2026-04-16 20:06:01,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "PeekMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1249
          },
          {
            "timestamp": "2026-04-16 20:06:01,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "PeekMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9ea3e0"
              }
            ],
            "repeated": 0,
            "id": 1250
          },
          {
            "timestamp": "2026-04-16 20:06:01,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "IsWindowUnicode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9f17e0"
              }
            ],
            "repeated": 0,
            "id": 1251
          },
          {
            "timestamp": "2026-04-16 20:06:01,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda01b10"
              }
            ],
            "repeated": 0,
            "id": 1252
          },
          {
            "timestamp": "2026-04-16 20:06:01,743",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "TranslateMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9e9400"
              }
            ],
            "repeated": 0,
            "id": 1253
          },
          {
            "timestamp": "2026-04-16 20:06:01,743",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "DispatchMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd9ee040"
              }
            ],
            "repeated": 0,
            "id": 1254
          },
          {
            "timestamp": "2026-04-16 20:06:01,743",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "ChangeWindowMessageFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "message",
                "value": "49238"
              },
              {
                "name": "dwFlag",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1255
          },
          {
            "timestamp": "2026-04-16 20:06:01,743",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "ChangeWindowMessageFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "message",
                "value": "49239"
              },
              {
                "name": "dwFlag",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1256
          },
          {
            "timestamp": "2026-04-16 20:06:01,759",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1257
          },
          {
            "timestamp": "2026-04-16 20:06:01,759",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b207000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1258
          },
          {
            "timestamp": "2026-04-16 20:06:01,759",
            "thread_id": "812",
            "caller": "0x7ffe4b190a0e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFocus"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda039d0"
              }
            ],
            "repeated": 0,
            "id": 1259
          },
          {
            "timestamp": "2026-04-16 20:06:01,806",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1f1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1260
          },
          {
            "timestamp": "2026-04-16 20:06:01,821",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b05d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1261
          },
          {
            "timestamp": "2026-04-16 20:06:01,821",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1262
          },
          {
            "timestamp": "2026-04-16 20:06:01,993",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1263
          },
          {
            "timestamp": "2026-04-16 20:06:01,993",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c13000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1264
          },
          {
            "timestamp": "2026-04-16 20:06:01,993",
            "thread_id": "812",
            "caller": "0x7ffe4b190ae6",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c13000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1265
          },
          {
            "timestamp": "2026-04-16 20:06:01,993",
            "thread_id": "812",
            "caller": "0x7ffe4b190ae6",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1266
          },
          {
            "timestamp": "2026-04-16 20:06:02,134",
            "thread_id": "812",
            "caller": "0x7ffe4b190ba8",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1f3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1267
          },
          {
            "timestamp": "2026-04-16 20:06:02,212",
            "thread_id": "812",
            "caller": "0x7ffe4b190beb",
            "parentcaller": "0x7ffe4b19013c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleFileName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1268
          },
          {
            "timestamp": "2026-04-16 20:06:02,212",
            "thread_id": "812",
            "caller": "0x7ffe4b190beb",
            "parentcaller": "0x7ffe4b19013c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleFileNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fdf20"
              }
            ],
            "repeated": 0,
            "id": 1269
          },
          {
            "timestamp": "2026-04-16 20:06:02,212",
            "thread_id": "812",
            "caller": "0x7ffe4b190bf3",
            "parentcaller": "0x7ffe4b19013c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "SetCurrentDirectory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1270
          },
          {
            "timestamp": "2026-04-16 20:06:02,212",
            "thread_id": "812",
            "caller": "0x7ffe4b190bf3",
            "parentcaller": "0x7ffe4b19013c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "SetCurrentDirectoryW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe401360"
              }
            ],
            "repeated": 0,
            "id": 1271
          },
          {
            "timestamp": "2026-04-16 20:06:02,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190bf8",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b191000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1272
          },
          {
            "timestamp": "2026-04-16 20:06:02,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190bf8",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1273
          },
          {
            "timestamp": "2026-04-16 20:06:02,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190bf8",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1274
          },
          {
            "timestamp": "2026-04-16 20:06:02,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190bf8",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c13000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1275
          },
          {
            "timestamp": "2026-04-16 20:06:02,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190e3f",
            "parentcaller": "0x7ffe4b190bf8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1276
          },
          {
            "timestamp": "2026-04-16 20:06:02,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190e3f",
            "parentcaller": "0x7ffe4b190bf8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c13000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1277
          },
          {
            "timestamp": "2026-04-16 20:06:02,399",
            "thread_id": "812",
            "caller": "0x7ffe4b191087",
            "parentcaller": "0x7ffe4b190e3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "FindResourceEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1278
          },
          {
            "timestamp": "2026-04-16 20:06:02,399",
            "thread_id": "812",
            "caller": "0x7ffe4b191087",
            "parentcaller": "0x7ffe4b190e3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "FindResourceExA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3f3550"
              }
            ],
            "repeated": 0,
            "id": 1279
          },
          {
            "timestamp": "2026-04-16 20:06:02,399",
            "thread_id": "812",
            "caller": "0x7ffe4b1911ca",
            "parentcaller": "0x7ffe4b191087",
            "category": "misc",
            "api": "FindResourceExA",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x00000000"
              },
              {
                "name": "Type",
                "value": "#10"
              },
              {
                "name": "Name",
                "value": "#1"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1280
          },
          {
            "timestamp": "2026-04-16 20:06:02,462",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1281
          },
          {
            "timestamp": "2026-04-16 20:06:02,462",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1282
          },
          {
            "timestamp": "2026-04-16 20:06:02,493",
            "thread_id": "812",
            "caller": "0x7ffe4b191445",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1f4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1283
          },
          {
            "timestamp": "2026-04-16 20:06:02,931",
            "thread_id": "812",
            "caller": "0x7ffe4b191479",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02854000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1284
          },
          {
            "timestamp": "2026-04-16 20:06:03,212",
            "thread_id": "812",
            "caller": "0x7ffe4b191479",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02856000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1285
          },
          {
            "timestamp": "2026-04-16 20:06:03,352",
            "thread_id": "812",
            "caller": "0x7ffe4b191479",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02857000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1286
          },
          {
            "timestamp": "2026-04-16 20:06:03,415",
            "thread_id": "812",
            "caller": "0x7ffe4b191479",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02858000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1287
          },
          {
            "timestamp": "2026-04-16 20:06:03,431",
            "thread_id": "812",
            "caller": "0x7ffe4b191479",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02859000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1288
          },
          {
            "timestamp": "2026-04-16 20:06:03,431",
            "thread_id": "812",
            "caller": "0x7ffe4b191479",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0285a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1289
          },
          {
            "timestamp": "2026-04-16 20:06:03,493",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1290
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1291
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1292
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1293
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dca0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1294
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c2f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1295
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dcb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1296
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dcc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1297
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e040000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1298
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e040000"
              },
              {
                "name": "RegionSize",
                "value": "0x00038000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1299
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dcd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1300
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dce0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1301
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dcf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1302
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1303
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1304
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1305
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e078000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1306
          },
          {
            "timestamp": "2026-04-16 20:06:03,509",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1307
          },
          {
            "timestamp": "2026-04-16 20:06:03,524",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1308
          },
          {
            "timestamp": "2026-04-16 20:06:03,524",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1309
          },
          {
            "timestamp": "2026-04-16 20:06:03,524",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1de50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1310
          },
          {
            "timestamp": "2026-04-16 20:06:03,524",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1de60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1311
          },
          {
            "timestamp": "2026-04-16 20:06:03,524",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1de70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1312
          },
          {
            "timestamp": "2026-04-16 20:06:03,524",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1de80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1313
          },
          {
            "timestamp": "2026-04-16 20:06:03,524",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e077000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1314
          },
          {
            "timestamp": "2026-04-16 20:06:03,524",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c31000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1315
          },
          {
            "timestamp": "2026-04-16 20:06:03,524",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c15000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1316
          },
          {
            "timestamp": "2026-04-16 20:06:03,524",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b192000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1317
          },
          {
            "timestamp": "2026-04-16 20:06:03,524",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c31000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1318
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1de90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1319
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dea0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1320
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c15000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1321
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1e3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1322
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e077000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1323
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00056000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1324
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c31000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1325
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c15000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1326
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c31000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1327
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1de50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1328
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1de80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1329
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1330
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dea0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1331
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1de90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1332
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1333
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1334
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1335
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1336
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1de60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1337
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1338
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1de70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1339
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1340
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dcf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1341
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dce0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1342
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dcd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1343
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dcc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1344
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dcb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1345
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dca0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1346
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1347
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1348
          },
          {
            "timestamp": "2026-04-16 20:06:03,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1913b0",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1349
          },
          {
            "timestamp": "2026-04-16 20:06:03,556",
            "thread_id": "812",
            "caller": "0x7ffe4b191747",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1350
          },
          {
            "timestamp": "2026-04-16 20:06:03,556",
            "thread_id": "812",
            "caller": "0x7ffe4b191747",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1351
          },
          {
            "timestamp": "2026-04-16 20:06:03,665",
            "thread_id": "812",
            "caller": "0x7ffe4b1919b8",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1352
          },
          {
            "timestamp": "2026-04-16 20:06:03,806",
            "thread_id": "812",
            "caller": "0x7ffe4b192385",
            "parentcaller": "0x7ffe4b1919d8",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1353
          },
          {
            "timestamp": "2026-04-16 20:06:03,806",
            "thread_id": "812",
            "caller": "0x7ffe4b191ac8",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1354
          },
          {
            "timestamp": "2026-04-16 20:06:03,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1924ef",
            "parentcaller": "0x7ffe4b191ac8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1355
          },
          {
            "timestamp": "2026-04-16 20:06:03,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1924ef",
            "parentcaller": "0x7ffe4b191ac8",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1356
          },
          {
            "timestamp": "2026-04-16 20:06:03,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1924ef",
            "parentcaller": "0x7ffe4b191ac8",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1357
          },
          {
            "timestamp": "2026-04-16 20:06:03,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1924ef",
            "parentcaller": "0x7ffe4b191ac8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1358
          },
          {
            "timestamp": "2026-04-16 20:06:03,821",
            "thread_id": "812",
            "caller": "0x7ffe4b19278f",
            "parentcaller": "0x7ffe4b192739",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05332000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1359
          },
          {
            "timestamp": "2026-04-16 20:06:04,071",
            "thread_id": "812",
            "caller": "0x7ffe4b191ac8",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1360
          },
          {
            "timestamp": "2026-04-16 20:06:04,071",
            "thread_id": "812",
            "caller": "0x7ffe4b191ac8",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1361
          },
          {
            "timestamp": "2026-04-16 20:06:04,071",
            "thread_id": "812",
            "caller": "0x7ffe4b191ac8",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1362
          },
          {
            "timestamp": "2026-04-16 20:06:04,071",
            "thread_id": "812",
            "caller": "0x7ffe4b191ac8",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c15000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1363
          },
          {
            "timestamp": "2026-04-16 20:06:04,071",
            "thread_id": "812",
            "caller": "0x7ffe4b191ac8",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1364
          },
          {
            "timestamp": "2026-04-16 20:06:04,071",
            "thread_id": "812",
            "caller": "0x7ffe4b191ac8",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c15000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1365
          },
          {
            "timestamp": "2026-04-16 20:06:04,071",
            "thread_id": "812",
            "caller": "0x7ffe4b191ac8",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1366
          },
          {
            "timestamp": "2026-04-16 20:06:04,071",
            "thread_id": "812",
            "caller": "0x7ffe4b191ac8",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1367
          },
          {
            "timestamp": "2026-04-16 20:06:04,071",
            "thread_id": "812",
            "caller": "0x7ffe4b191ac8",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1368
          },
          {
            "timestamp": "2026-04-16 20:06:04,071",
            "thread_id": "812",
            "caller": "0x7ffe4b191ac8",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1369
          },
          {
            "timestamp": "2026-04-16 20:06:04,212",
            "thread_id": "812",
            "caller": "0x7ffe4b19278f",
            "parentcaller": "0x7ffe4b192739",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e140000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1370
          },
          {
            "timestamp": "2026-04-16 20:06:04,212",
            "thread_id": "812",
            "caller": "0x7ffe4b19278f",
            "parentcaller": "0x7ffe4b192739",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e140000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1371
          },
          {
            "timestamp": "2026-04-16 20:06:04,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19290b",
            "parentcaller": "0x7ffe4b191ac8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1372
          },
          {
            "timestamp": "2026-04-16 20:06:04,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19290b",
            "parentcaller": "0x7ffe4b191ac8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1373
          },
          {
            "timestamp": "2026-04-16 20:06:04,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19290b",
            "parentcaller": "0x7ffe4b191ac8",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1374
          },
          {
            "timestamp": "2026-04-16 20:06:04,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19290b",
            "parentcaller": "0x7ffe4b191ac8",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1375
          },
          {
            "timestamp": "2026-04-16 20:06:04,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19290b",
            "parentcaller": "0x7ffe4b191ac8",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1376
          },
          {
            "timestamp": "2026-04-16 20:06:04,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19290b",
            "parentcaller": "0x7ffe4b191ac8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1377
          },
          {
            "timestamp": "2026-04-16 20:06:04,306",
            "thread_id": "812",
            "caller": "0x7ffe4b192a0b",
            "parentcaller": "0x7ffe4b191ac8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1378
          },
          {
            "timestamp": "2026-04-16 20:06:04,306",
            "thread_id": "812",
            "caller": "0x7ffe4b192a0b",
            "parentcaller": "0x7ffe4b191ac8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b05e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1379
          },
          {
            "timestamp": "2026-04-16 20:06:04,321",
            "thread_id": "812",
            "caller": "0x7ffe4b192ebc",
            "parentcaller": "0x7ffe4b192a0b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b193000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1380
          },
          {
            "timestamp": "2026-04-16 20:06:04,321",
            "thread_id": "812",
            "caller": "0x7ffe4b191cd9",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1381
          },
          {
            "timestamp": "2026-04-16 20:06:04,321",
            "thread_id": "812",
            "caller": "0x7ffe4b191d49",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1382
          },
          {
            "timestamp": "2026-04-16 20:06:04,321",
            "thread_id": "812",
            "caller": "0x7ffe4b191e66",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1383
          },
          {
            "timestamp": "2026-04-16 20:06:04,337",
            "thread_id": "812",
            "caller": "0x7ffe4b1920a0",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c15000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1384
          },
          {
            "timestamp": "2026-04-16 20:06:04,337",
            "thread_id": "812",
            "caller": "0x7ffe4b1920c1",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1385
          },
          {
            "timestamp": "2026-04-16 20:06:04,337",
            "thread_id": "812",
            "caller": "0x7ffe4b1920c1",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1386
          },
          {
            "timestamp": "2026-04-16 20:06:04,337",
            "thread_id": "812",
            "caller": "0x7ffe4b1920c1",
            "parentcaller": "0x7ffe4b1913b0",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c15000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1387
          },
          {
            "timestamp": "2026-04-16 20:06:04,337",
            "thread_id": "812",
            "caller": "0x7ffe4b1913dd",
            "parentcaller": "0x7ffe4b19123d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1388
          },
          {
            "timestamp": "2026-04-16 20:06:04,337",
            "thread_id": "812",
            "caller": "0x7ffe4b190c05",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1389
          },
          {
            "timestamp": "2026-04-16 20:06:04,337",
            "thread_id": "812",
            "caller": "0x7ffe4b193814",
            "parentcaller": "0x7ffe4b190c05",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1390
          },
          {
            "timestamp": "2026-04-16 20:06:04,571",
            "thread_id": "812",
            "caller": "0x7ffe4b1938a8",
            "parentcaller": "0x7ffe4b190c05",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c15000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1391
          },
          {
            "timestamp": "2026-04-16 20:06:04,571",
            "thread_id": "812",
            "caller": "0x7ffe4b1938a8",
            "parentcaller": "0x7ffe4b190c05",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "ReleaseMutex"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404a50"
              }
            ],
            "repeated": 0,
            "id": 1392
          },
          {
            "timestamp": "2026-04-16 20:06:04,571",
            "thread_id": "812",
            "caller": "0x7ffe4b1938a8",
            "parentcaller": "0x7ffe4b190c05",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateMutex"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1393
          },
          {
            "timestamp": "2026-04-16 20:06:04,587",
            "thread_id": "812",
            "caller": "0x7ffe4b1938a8",
            "parentcaller": "0x7ffe4b190c05",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateMutexW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe4049a0"
              }
            ],
            "repeated": 0,
            "id": 1394
          },
          {
            "timestamp": "2026-04-16 20:06:04,587",
            "thread_id": "812",
            "caller": "0x7ffe4b1938a8",
            "parentcaller": "0x7ffe4b190c05",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              },
              {
                "name": "MutexName",
                "value": "Global\\{00000000-0000-0000-0000-000000000000}"
              },
              {
                "name": "InitialOwner",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1395
          },
          {
            "timestamp": "2026-04-16 20:06:04,743",
            "thread_id": "812",
            "caller": "0x7ffe4b193ef9",
            "parentcaller": "0x7ffe4b193df3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1f5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1396
          },
          {
            "timestamp": "2026-04-16 20:06:04,790",
            "thread_id": "812",
            "caller": "0x7ffe4b193ef9",
            "parentcaller": "0x7ffe4b193df3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b194000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1397
          },
          {
            "timestamp": "2026-04-16 20:06:04,790",
            "thread_id": "812",
            "caller": "0x7ffe4b193ef9",
            "parentcaller": "0x7ffe4b193df3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1398
          },
          {
            "timestamp": "2026-04-16 20:06:04,790",
            "thread_id": "812",
            "caller": "0x7ffe4b193ef9",
            "parentcaller": "0x7ffe4b193df3",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1399
          },
          {
            "timestamp": "2026-04-16 20:06:04,790",
            "thread_id": "812",
            "caller": "0x7ffe4b193ef9",
            "parentcaller": "0x7ffe4b193df3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1400
          },
          {
            "timestamp": "2026-04-16 20:06:04,790",
            "thread_id": "812",
            "caller": "0x7ffe4b193ef9",
            "parentcaller": "0x7ffe4b193df3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyExA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736fb0"
              }
            ],
            "repeated": 0,
            "id": 1401
          },
          {
            "timestamp": "2026-04-16 20:06:04,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1940ad",
            "parentcaller": "0x7ffe4b193ef9",
            "category": "registry",
            "api": "RegOpenKeyExA",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Cryptography"
              },
              {
                "name": "Handle",
                "value": "0x000003cc"
              },
              {
                "name": "FullName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1402
          },
          {
            "timestamp": "2026-04-16 20:06:04,790",
            "thread_id": "812",
            "caller": "0x7ffe4b193f40",
            "parentcaller": "0x7ffe4b193df3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1403
          },
          {
            "timestamp": "2026-04-16 20:06:04,868",
            "thread_id": "812",
            "caller": "0x7ffe4b193f40",
            "parentcaller": "0x7ffe4b193df3",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1404
          },
          {
            "timestamp": "2026-04-16 20:06:04,868",
            "thread_id": "812",
            "caller": "0x7ffe4b193f40",
            "parentcaller": "0x7ffe4b193df3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1405
          },
          {
            "timestamp": "2026-04-16 20:06:04,868",
            "thread_id": "812",
            "caller": "0x7ffe4b193f40",
            "parentcaller": "0x7ffe4b193df3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd7370e0"
              }
            ],
            "repeated": 0,
            "id": 1406
          },
          {
            "timestamp": "2026-04-16 20:06:04,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19437e",
            "parentcaller": "0x7ffe4b193f40",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003cc"
              },
              {
                "name": "ValueName",
                "value": "MachineGuid"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid"
              }
            ],
            "repeated": 0,
            "id": 1407
          },
          {
            "timestamp": "2026-04-16 20:06:04,868",
            "thread_id": "812",
            "caller": "0x7ffe4b19437e",
            "parentcaller": "0x7ffe4b193f8a",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003cc"
              },
              {
                "name": "ValueName",
                "value": "MachineGuid"
              },
              {
                "name": "Data",
                "value": "57c9f549-7b50-4c23-b307-58bab726d1b6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid"
              }
            ],
            "repeated": 0,
            "id": 1408
          },
          {
            "timestamp": "2026-04-16 20:06:04,884",
            "thread_id": "812",
            "caller": "0x7ffe4b193f94",
            "parentcaller": "0x7ffe4b193df3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1409
          },
          {
            "timestamp": "2026-04-16 20:06:04,884",
            "thread_id": "812",
            "caller": "0x7ffe4b193f94",
            "parentcaller": "0x7ffe4b193df3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegCloseKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736af0"
              }
            ],
            "repeated": 0,
            "id": 1410
          },
          {
            "timestamp": "2026-04-16 20:06:04,884",
            "thread_id": "812",
            "caller": "0x7ffe4b194522",
            "parentcaller": "0x7ffe4b193f94",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003cc"
              }
            ],
            "repeated": 0,
            "id": 1411
          },
          {
            "timestamp": "2026-04-16 20:06:04,884",
            "thread_id": "812",
            "caller": "0x7ffe4b19460e",
            "parentcaller": "0x7ffe4b19456b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
              },
              {
                "name": "Handle",
                "value": "0x000003cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
              }
            ],
            "repeated": 0,
            "id": 1412
          },
          {
            "timestamp": "2026-04-16 20:06:04,884",
            "thread_id": "812",
            "caller": "0x7ffe4b194650",
            "parentcaller": "0x7ffe4b19456b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003cc"
              },
              {
                "name": "ValueName",
                "value": "EnableLUA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA"
              }
            ],
            "repeated": 0,
            "id": 1413
          },
          {
            "timestamp": "2026-04-16 20:06:04,884",
            "thread_id": "812",
            "caller": "0x7ffe4b194650",
            "parentcaller": "0x7ffe4b19456b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1414
          },
          {
            "timestamp": "2026-04-16 20:06:04,884",
            "thread_id": "812",
            "caller": "0x7ffe4b194650",
            "parentcaller": "0x7ffe4b19456b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd735ff0"
              }
            ],
            "repeated": 0,
            "id": 1415
          },
          {
            "timestamp": "2026-04-16 20:06:04,884",
            "thread_id": "812",
            "caller": "0x7ffe4b194650",
            "parentcaller": "0x7ffe4b19456b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003cc"
              },
              {
                "name": "ValueName",
                "value": "EnableLUA"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA"
              }
            ],
            "repeated": 0,
            "id": 1416
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b194658",
            "parentcaller": "0x7ffe4b19456b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1417
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b194658",
            "parentcaller": "0x7ffe4b19456b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1418
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b194658",
            "parentcaller": "0x7ffe4b19456b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1419
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b194658",
            "parentcaller": "0x7ffe4b19456b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1420
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b194658",
            "parentcaller": "0x7ffe4b19456b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dca0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1421
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b194658",
            "parentcaller": "0x7ffe4b19456b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dcb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1422
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b194658",
            "parentcaller": "0x7ffe4b19456b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1423
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b194658",
            "parentcaller": "0x7ffe4b19456b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c17000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1424
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b194658",
            "parentcaller": "0x7ffe4b19456b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c17000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1425
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b194658",
            "parentcaller": "0x7ffe4b19456b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dcb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1426
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b194658",
            "parentcaller": "0x7ffe4b19456b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02800000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1427
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b194658",
            "parentcaller": "0x7ffe4b19456b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1428
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b194658",
            "parentcaller": "0x7ffe4b19456b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dca0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1429
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b194658",
            "parentcaller": "0x7ffe4b19456b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1430
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b194658",
            "parentcaller": "0x7ffe4b19456b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1431
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b194658",
            "parentcaller": "0x7ffe4b19456b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1432
          },
          {
            "timestamp": "2026-04-16 20:06:05,009",
            "thread_id": "812",
            "caller": "0x7ffe4b193bb6",
            "parentcaller": "0x7ffe4b190c0f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404880"
              }
            ],
            "repeated": 0,
            "id": 1433
          },
          {
            "timestamp": "2026-04-16 20:06:05,040",
            "thread_id": "812",
            "caller": "0x7ffe4b194ebd",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\shfolder"
              },
              {
                "name": "DllBase",
                "value": "0x7ffef08f0000"
              }
            ],
            "repeated": 0,
            "id": 1434
          },
          {
            "timestamp": "2026-04-16 20:06:05,040",
            "thread_id": "812",
            "caller": "0x7ffe4b194ebd",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shfolder.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffef08f0000"
              }
            ],
            "repeated": 0,
            "id": 1435
          },
          {
            "timestamp": "2026-04-16 20:06:05,040",
            "thread_id": "812",
            "caller": "0x7ffe4b194ebd",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffef08f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shfolder.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1436
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b194ebd",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "shfolder.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffef08f0000"
              },
              {
                "name": "FunctionName",
                "value": "SHGetFolderPath"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1437
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b194ebd",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "shfolder.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffef08f0000"
              },
              {
                "name": "FunctionName",
                "value": "SHGetFolderPathW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffef08f1970"
              }
            ],
            "repeated": 0,
            "id": 1438
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b194ebd",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1439
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b194ebd",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x0000001a",
                "pretty_value": "CSIDL_APPDATA"
              },
              {
                "name": "Path",
                "value": "C:\\Users\\cape\\AppData\\Roaming"
              }
            ],
            "repeated": 0,
            "id": 1440
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b194f01",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "SetErrorMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fc810"
              }
            ],
            "repeated": 0,
            "id": 1441
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b194f01",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1442
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b194f01",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404d50"
              }
            ],
            "repeated": 0,
            "id": 1443
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b194f01",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6"
              }
            ],
            "repeated": 0,
            "id": 1444
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b194f01",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "SetErrorMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fc810"
              }
            ],
            "repeated": 0,
            "id": 1445
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b194f01",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming"
              }
            ],
            "repeated": 0,
            "id": 1446
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b194f01",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              }
            ],
            "repeated": 0,
            "id": 1447
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b194f01",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              }
            ],
            "repeated": 0,
            "id": 1448
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b194f01",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              }
            ],
            "repeated": 0,
            "id": 1449
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b194f01",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateDirectory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1450
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b194f01",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateDirectoryW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404b30"
              }
            ],
            "repeated": 0,
            "id": 1451
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b194f01",
            "parentcaller": "0x7ffe4b193bf9",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6"
              }
            ],
            "repeated": 0,
            "id": 1452
          },
          {
            "timestamp": "2026-04-16 20:06:05,056",
            "thread_id": "812",
            "caller": "0x7ffe4b193cb6",
            "parentcaller": "0x7ffe4b190c0f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b195000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1453
          },
          {
            "timestamp": "2026-04-16 20:06:05,071",
            "thread_id": "812",
            "caller": "0x7ffe4b194ff1",
            "parentcaller": "0x7ffe4b193cb6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1454
          },
          {
            "timestamp": "2026-04-16 20:06:05,071",
            "thread_id": "812",
            "caller": "0x7ffe4b195028",
            "parentcaller": "0x7ffe4b193cb6",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6\\run.dat"
              }
            ],
            "repeated": 0,
            "id": 1455
          },
          {
            "timestamp": "2026-04-16 20:06:05,181",
            "thread_id": "812",
            "caller": "0x7ffe4b19507c",
            "parentcaller": "0x7ffe4b193cb6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1456
          },
          {
            "timestamp": "2026-04-16 20:06:05,181",
            "thread_id": "812",
            "caller": "0x7ffe4b19507c",
            "parentcaller": "0x7ffe4b193cb6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFileW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404b60"
              }
            ],
            "repeated": 0,
            "id": 1457
          },
          {
            "timestamp": "2026-04-16 20:06:05,181",
            "thread_id": "812",
            "caller": "0x7ffe4b19507c",
            "parentcaller": "0x7ffe4b193cb6",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x40100080",
                "pretty_value": "GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6\\run.dat"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1458
          },
          {
            "timestamp": "2026-04-16 20:06:05,181",
            "thread_id": "812",
            "caller": "0x7ffe4b19507c",
            "parentcaller": "0x7ffe4b193cb6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileType"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404db0"
              }
            ],
            "repeated": 0,
            "id": 1459
          },
          {
            "timestamp": "2026-04-16 20:06:05,181",
            "thread_id": "812",
            "caller": "0x7ffe4b19507c",
            "parentcaller": "0x7ffe4b193cb6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b211000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1460
          },
          {
            "timestamp": "2026-04-16 20:06:05,181",
            "thread_id": "812",
            "caller": "0x7ffe4b19507c",
            "parentcaller": "0x7ffe4b193cb6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "WriteFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404fd0"
              }
            ],
            "repeated": 0,
            "id": 1461
          },
          {
            "timestamp": "2026-04-16 20:06:05,181",
            "thread_id": "812",
            "caller": "0x7ffe4b19507c",
            "parentcaller": "0x7ffe4b193cb6",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6\\run.dat"
              },
              {
                "name": "Buffer",
                "value": ";TI\\x97\\xf3\\x9b\\xdeH"
              },
              {
                "name": "Length",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 1462
          },
          {
            "timestamp": "2026-04-16 20:06:05,181",
            "thread_id": "812",
            "caller": "0x7ffe4b19507c",
            "parentcaller": "0x7ffe4b193cb6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 1463
          },
          {
            "timestamp": "2026-04-16 20:06:05,196",
            "thread_id": "812",
            "caller": "0x7ffe4b193d2b",
            "parentcaller": "0x7ffe4b190c0f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02800000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1464
          },
          {
            "timestamp": "2026-04-16 20:06:05,196",
            "thread_id": "812",
            "caller": "0x7ffe4b193d2b",
            "parentcaller": "0x7ffe4b190c0f",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1465
          },
          {
            "timestamp": "2026-04-16 20:06:05,196",
            "thread_id": "812",
            "caller": "0x7ffe4b193d2b",
            "parentcaller": "0x7ffe4b190c0f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1466
          },
          {
            "timestamp": "2026-04-16 20:06:05,196",
            "thread_id": "812",
            "caller": "0x7ffe4b193d2b",
            "parentcaller": "0x7ffe4b190c0f",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c26000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001e000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1467
          },
          {
            "timestamp": "2026-04-16 20:06:05,196",
            "thread_id": "812",
            "caller": "0x7ffe4b193d2b",
            "parentcaller": "0x7ffe4b190c0f",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1468
          },
          {
            "timestamp": "2026-04-16 20:06:05,196",
            "thread_id": "812",
            "caller": "0x7ffe4b193d2b",
            "parentcaller": "0x7ffe4b190c0f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c26000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1469
          },
          {
            "timestamp": "2026-04-16 20:06:05,212",
            "thread_id": "812",
            "caller": "0x7ffe4b195926",
            "parentcaller": "0x7ffe4b190c14",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1470
          },
          {
            "timestamp": "2026-04-16 20:06:05,212",
            "thread_id": "812",
            "caller": "0x7ffe4b195926",
            "parentcaller": "0x7ffe4b190c14",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x00000026",
                "pretty_value": "CSIDL_PROGRAM_FILES"
              },
              {
                "name": "Path",
                "value": "C:\\Program Files"
              }
            ],
            "repeated": 0,
            "id": 1471
          },
          {
            "timestamp": "2026-04-16 20:06:05,306",
            "thread_id": "812",
            "caller": "0x7ffe4b190c19",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1472
          },
          {
            "timestamp": "2026-04-16 20:06:05,306",
            "thread_id": "812",
            "caller": "0x7ffe4b1959d9",
            "parentcaller": "0x7ffe4b190c19",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6\\Exceptions\\0.0.0.0"
              }
            ],
            "repeated": 0,
            "id": 1473
          },
          {
            "timestamp": "2026-04-16 20:06:05,306",
            "thread_id": "812",
            "caller": "0x7ffe4b190c1e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1474
          },
          {
            "timestamp": "2026-04-16 20:06:05,306",
            "thread_id": "812",
            "caller": "0x7ffe4b190c1e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b102000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1475
          },
          {
            "timestamp": "2026-04-16 20:06:05,321",
            "thread_id": "812",
            "caller": "0x7ffe4b190c1e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b10c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1476
          },
          {
            "timestamp": "2026-04-16 20:06:05,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c1e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1e6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1477
          },
          {
            "timestamp": "2026-04-16 20:06:05,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c1e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1478
          },
          {
            "timestamp": "2026-04-16 20:06:05,649",
            "thread_id": "812",
            "caller": "0x7ffe4b195bdc",
            "parentcaller": "0x7ffe4b190c1e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1479
          },
          {
            "timestamp": "2026-04-16 20:06:05,665",
            "thread_id": "812",
            "caller": "0x7ffe4b195bdc",
            "parentcaller": "0x7ffe4b190c1e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b196000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1480
          },
          {
            "timestamp": "2026-04-16 20:06:05,665",
            "thread_id": "812",
            "caller": "0x7ffe4b195bdc",
            "parentcaller": "0x7ffe4b190c1e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1481
          },
          {
            "timestamp": "2026-04-16 20:06:05,665",
            "thread_id": "812",
            "caller": "0x7ffe4b195bdc",
            "parentcaller": "0x7ffe4b190c1e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1482
          },
          {
            "timestamp": "2026-04-16 20:06:05,665",
            "thread_id": "812",
            "caller": "0x7ffe4b195bdc",
            "parentcaller": "0x7ffe4b190c1e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1483
          },
          {
            "timestamp": "2026-04-16 20:06:05,665",
            "thread_id": "812",
            "caller": "0x7ffe4b190c23",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1484
          },
          {
            "timestamp": "2026-04-16 20:06:05,790",
            "thread_id": "812",
            "caller": "0x7ffe4b191fd3",
            "parentcaller": "0x7ffe4b1964d0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05342000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1485
          },
          {
            "timestamp": "2026-04-16 20:06:06,727",
            "thread_id": "812",
            "caller": "0x7ffe4b196565",
            "parentcaller": "0x7ffe4b190c2d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1486
          },
          {
            "timestamp": "2026-04-16 20:06:06,727",
            "thread_id": "812",
            "caller": "0x7ffe4b196565",
            "parentcaller": "0x7ffe4b190c2d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteFileA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404b80"
              }
            ],
            "repeated": 0,
            "id": 1487
          },
          {
            "timestamp": "2026-04-16 20:06:06,931",
            "thread_id": "812",
            "caller": "0x7ffe4b196603",
            "parentcaller": "0x7ffe4b196565",
            "category": "filesystem",
            "api": "DeleteFileA",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe:Zone.Identifier"
              }
            ],
            "repeated": 0,
            "id": 1488
          },
          {
            "timestamp": "2026-04-16 20:06:08,274",
            "thread_id": "812",
            "caller": "0x7ffe4b196bb1",
            "parentcaller": "0x7ffe4b190c54",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fdbb0"
              }
            ],
            "repeated": 0,
            "id": 1489
          },
          {
            "timestamp": "2026-04-16 20:06:08,274",
            "thread_id": "812",
            "caller": "0x7ffe4b196bb1",
            "parentcaller": "0x7ffe4b190c54",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1490
          },
          {
            "timestamp": "2026-04-16 20:06:08,274",
            "thread_id": "812",
            "caller": "0x7ffe4b196bb1",
            "parentcaller": "0x7ffe4b190c54",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 1491
          },
          {
            "timestamp": "2026-04-16 20:06:08,274",
            "thread_id": "812",
            "caller": "0x7ffe4b196bb1",
            "parentcaller": "0x7ffe4b190c54",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateIoCompletionPort"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fd950"
              }
            ],
            "repeated": 0,
            "id": 1492
          },
          {
            "timestamp": "2026-04-16 20:06:08,274",
            "thread_id": "812",
            "caller": "0x7ffe4b196bb1",
            "parentcaller": "0x7ffe4b190c54",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "PostQueuedCompletionStatus"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fb3a0"
              }
            ],
            "repeated": 0,
            "id": 1493
          },
          {
            "timestamp": "2026-04-16 20:06:08,274",
            "thread_id": "812",
            "caller": "0x7ffe4b196bb1",
            "parentcaller": "0x7ffe4b190c54",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefe850000"
              }
            ],
            "repeated": 0,
            "id": 1494
          },
          {
            "timestamp": "2026-04-16 20:06:08,274",
            "thread_id": "812",
            "caller": "0x7ffe4b196bb1",
            "parentcaller": "0x7ffe4b190c54",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefe850000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1495
          },
          {
            "timestamp": "2026-04-16 20:06:08,274",
            "thread_id": "812",
            "caller": "0x7ffe4b196bb1",
            "parentcaller": "0x7ffe4b190c54",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe850000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryInformationThread"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8ed490"
              }
            ],
            "repeated": 0,
            "id": 1496
          },
          {
            "timestamp": "2026-04-16 20:06:08,274",
            "thread_id": "812",
            "caller": "0x7ffe4b196bb1",
            "parentcaller": "0x7ffe4b190c54",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe850000"
              },
              {
                "name": "FunctionName",
                "value": "NtQuerySystemInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8ed6b0"
              }
            ],
            "repeated": 0,
            "id": 1497
          },
          {
            "timestamp": "2026-04-16 20:06:08,274",
            "thread_id": "812",
            "caller": "0x7ffe4b196bb1",
            "parentcaller": "0x7ffe4b190c54",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1498
          },
          {
            "timestamp": "2026-04-16 20:06:08,274",
            "thread_id": "812",
            "caller": "0x7ffe4b196bb1",
            "parentcaller": "0x7ffe4b190c54",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe850000"
              }
            ],
            "repeated": 0,
            "id": 1499
          },
          {
            "timestamp": "2026-04-16 20:06:08,274",
            "thread_id": "812",
            "caller": "0x7ffe4b196bb1",
            "parentcaller": "0x7ffe4b190c54",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe850000"
              },
              {
                "name": "FunctionName",
                "value": "NtGetCurrentProcessorNumber"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8eee40"
              }
            ],
            "repeated": 0,
            "id": 1500
          },
          {
            "timestamp": "2026-04-16 20:06:08,274",
            "thread_id": "812",
            "caller": "0x7ffe4b196bb1",
            "parentcaller": "0x7ffe4b190c54",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003f8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00bccf10"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4860"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 1501
          },
          {
            "timestamp": "2026-04-16 20:06:08,274",
            "thread_id": "812",
            "caller": "0x7ffe4b196bb1",
            "parentcaller": "0x7ffe4b190c54",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000003f8",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00bccf10"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "4860"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 1502
          },
          {
            "timestamp": "2026-04-16 20:06:08,274",
            "thread_id": "812",
            "caller": "0x7ffe4b196bb1",
            "parentcaller": "0x7ffe4b190c54",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003f8"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "4860"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 1503
          },
          {
            "timestamp": "2026-04-16 20:06:08,290",
            "thread_id": "4860",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c87000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1504
          },
          {
            "timestamp": "2026-04-16 20:06:08,290",
            "thread_id": "4860",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 1505
          },
          {
            "timestamp": "2026-04-16 20:06:08,290",
            "thread_id": "4860",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1506
          },
          {
            "timestamp": "2026-04-16 20:06:08,290",
            "thread_id": "4860",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00bccf10"
              }
            ],
            "repeated": 0,
            "id": 1507
          },
          {
            "timestamp": "2026-04-16 20:06:08,290",
            "thread_id": "4860",
            "caller": "0x7ffeaacb620d",
            "parentcaller": "0x7ffeaa87894f",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "16384"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1508
          },
          {
            "timestamp": "2026-04-16 20:06:08,290",
            "thread_id": "4860",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaa878a03",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e241000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f7000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1509
          },
          {
            "timestamp": "2026-04-16 20:06:08,290",
            "thread_id": "4860",
            "caller": "0x7ffefc5d1ace",
            "parentcaller": "0x7ffeaa8a9840",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1510
          },
          {
            "timestamp": "2026-04-16 20:06:08,290",
            "thread_id": "4860",
            "caller": "0x7ffefc5d1ace",
            "parentcaller": "0x7ffeaa8a9840",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e0"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 1511
          },
          {
            "timestamp": "2026-04-16 20:06:08,290",
            "thread_id": "4860",
            "caller": "0x7ffefc618e6e",
            "parentcaller": "0x7ffeaaca8b2f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003f8"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x8a\\x00\\x00\\x00\\x00\\x00<\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4860"
              }
            ],
            "repeated": 0,
            "id": 1512
          },
          {
            "timestamp": "2026-04-16 20:06:08,493",
            "thread_id": "4860",
            "caller": "0x7ffe4b196d1f",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 1513
          },
          {
            "timestamp": "2026-04-16 20:06:09,368",
            "thread_id": "812",
            "caller": "0x7ffe4b190c59",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1514
          },
          {
            "timestamp": "2026-04-16 20:06:09,368",
            "thread_id": "812",
            "caller": "0x7ffe4b190c59",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1515
          },
          {
            "timestamp": "2026-04-16 20:06:09,368",
            "thread_id": "812",
            "caller": "0x7ffe4b190c59",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00056000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1516
          },
          {
            "timestamp": "2026-04-16 20:06:09,368",
            "thread_id": "812",
            "caller": "0x7ffe4b190c59",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1517
          },
          {
            "timestamp": "2026-04-16 20:06:09,368",
            "thread_id": "812",
            "caller": "0x7ffe4b190c59",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1518
          },
          {
            "timestamp": "2026-04-16 20:06:09,368",
            "thread_id": "812",
            "caller": "0x7ffe4b190c59",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b197000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1519
          },
          {
            "timestamp": "2026-04-16 20:06:09,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190c59",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dca0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1520
          },
          {
            "timestamp": "2026-04-16 20:06:09,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190c59",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1521
          },
          {
            "timestamp": "2026-04-16 20:06:09,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190c59",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00056000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1522
          },
          {
            "timestamp": "2026-04-16 20:06:09,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190c59",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1523
          },
          {
            "timestamp": "2026-04-16 20:06:09,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190c59",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1524
          },
          {
            "timestamp": "2026-04-16 20:06:09,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190c59",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1525
          },
          {
            "timestamp": "2026-04-16 20:06:09,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190c59",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1526
          },
          {
            "timestamp": "2026-04-16 20:06:09,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190c59",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dca0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1527
          },
          {
            "timestamp": "2026-04-16 20:06:09,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190c59",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1528
          },
          {
            "timestamp": "2026-04-16 20:06:09,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190c59",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1529
          },
          {
            "timestamp": "2026-04-16 20:06:09,384",
            "thread_id": "812",
            "caller": "0x7ffe4b196e8e",
            "parentcaller": "0x7ffe4b190c59",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6\\catalog.dat"
              }
            ],
            "repeated": 0,
            "id": 1530
          },
          {
            "timestamp": "2026-04-16 20:06:09,384",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1531
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1532
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1533
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1534
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00056000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1535
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1536
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1537
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dca0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1538
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00056000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1539
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1540
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1541
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1542
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1543
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1544
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1545
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1546
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dca0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1547
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c5e",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1548
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b1976a9",
            "parentcaller": "0x7ffe4b190c5e",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6\\storage.dat"
              }
            ],
            "repeated": 0,
            "id": 1549
          },
          {
            "timestamp": "2026-04-16 20:06:09,649",
            "thread_id": "812",
            "caller": "0x7ffe4b190c7f",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1550
          },
          {
            "timestamp": "2026-04-16 20:06:09,665",
            "thread_id": "812",
            "caller": "0x7ffe4b190c7f",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1551
          },
          {
            "timestamp": "2026-04-16 20:06:09,665",
            "thread_id": "812",
            "caller": "0x7ffe4b190c7f",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1552
          },
          {
            "timestamp": "2026-04-16 20:06:09,665",
            "thread_id": "812",
            "caller": "0x7ffe4b197dfa",
            "parentcaller": "0x7ffe4b190c7f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1553
          },
          {
            "timestamp": "2026-04-16 20:06:09,665",
            "thread_id": "812",
            "caller": "0x7ffe4b197dfa",
            "parentcaller": "0x7ffe4b190c7f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1554
          },
          {
            "timestamp": "2026-04-16 20:06:09,665",
            "thread_id": "812",
            "caller": "0x7ffe4b197dfa",
            "parentcaller": "0x7ffe4b190c7f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b198000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1555
          },
          {
            "timestamp": "2026-04-16 20:06:09,665",
            "thread_id": "812",
            "caller": "0x7ffe4b197e02",
            "parentcaller": "0x7ffe4b190c7f",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1556
          },
          {
            "timestamp": "2026-04-16 20:06:09,665",
            "thread_id": "812",
            "caller": "0x7ffe4b197e02",
            "parentcaller": "0x7ffe4b190c7f",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1557
          },
          {
            "timestamp": "2026-04-16 20:06:09,665",
            "thread_id": "812",
            "caller": "0x7ffe4b198115",
            "parentcaller": "0x7ffe4b197e02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1558
          },
          {
            "timestamp": "2026-04-16 20:06:09,665",
            "thread_id": "812",
            "caller": "0x7ffe4b198115",
            "parentcaller": "0x7ffe4b197e02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1559
          },
          {
            "timestamp": "2026-04-16 20:06:09,665",
            "thread_id": "812",
            "caller": "0x7ffe4b198142",
            "parentcaller": "0x7ffe4b197e02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1560
          },
          {
            "timestamp": "2026-04-16 20:06:09,665",
            "thread_id": "812",
            "caller": "0x7ffe4b190c84",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1561
          },
          {
            "timestamp": "2026-04-16 20:06:09,665",
            "thread_id": "812",
            "caller": "0x7ffe4b190c84",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1562
          },
          {
            "timestamp": "2026-04-16 20:06:10,352",
            "thread_id": "812",
            "caller": "0x7ffe4b19866e",
            "parentcaller": "0x7ffe4b19843a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd110000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateGuid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefcd039a0"
              }
            ],
            "repeated": 0,
            "id": 1563
          },
          {
            "timestamp": "2026-04-16 20:06:10,368",
            "thread_id": "812",
            "caller": "0x7ffe4b190c84",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b199000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1564
          },
          {
            "timestamp": "2026-04-16 20:06:10,993",
            "thread_id": "812",
            "caller": "0x7ffe4b19918d",
            "parentcaller": "0x7ffe4b19013c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1e9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1565
          },
          {
            "timestamp": "2026-04-16 20:06:12,446",
            "thread_id": "812",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x15322000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1566
          },
          {
            "timestamp": "2026-04-16 20:06:13,665",
            "thread_id": "812",
            "caller": "0x7ffe4b1995d5",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion"
              },
              {
                "name": "Handle",
                "value": "0x00000408"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion"
              }
            ],
            "repeated": 0,
            "id": 1567
          },
          {
            "timestamp": "2026-04-16 20:06:13,665",
            "thread_id": "812",
            "caller": "0x7ffe4b1995d5",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000408"
              },
              {
                "name": "ValueName",
                "value": "InstallationType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType"
              }
            ],
            "repeated": 0,
            "id": 1568
          },
          {
            "timestamp": "2026-04-16 20:06:13,665",
            "thread_id": "812",
            "caller": "0x7ffe4b1995d5",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1569
          },
          {
            "timestamp": "2026-04-16 20:06:13,665",
            "thread_id": "812",
            "caller": "0x7ffe4b1995d5",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd735ff0"
              }
            ],
            "repeated": 0,
            "id": 1570
          },
          {
            "timestamp": "2026-04-16 20:06:13,665",
            "thread_id": "812",
            "caller": "0x7ffe4b1995d5",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000408"
              },
              {
                "name": "ValueName",
                "value": "InstallationType"
              },
              {
                "name": "Data",
                "value": "Client"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType"
              }
            ],
            "repeated": 0,
            "id": 1571
          },
          {
            "timestamp": "2026-04-16 20:06:13,665",
            "thread_id": "812",
            "caller": "0x7ffe4b1995d5",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000408"
              }
            ],
            "repeated": 0,
            "id": 1572
          },
          {
            "timestamp": "2026-04-16 20:06:15,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\ws2_32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1573
          },
          {
            "timestamp": "2026-04-16 20:06:15,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\ws2_32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 1574
          },
          {
            "timestamp": "2026-04-16 20:06:15,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ws2_32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefd6b0000"
              }
            ],
            "repeated": 0,
            "id": 1575
          },
          {
            "timestamp": "2026-04-16 20:06:15,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffefd6b0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ws2_32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1576
          },
          {
            "timestamp": "2026-04-16 20:06:15,540",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd6b0000"
              },
              {
                "name": "FunctionName",
                "value": "WSAStartup"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd6beb10"
              }
            ],
            "repeated": 0,
            "id": 1577
          },
          {
            "timestamp": "2026-04-16 20:06:15,665",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "network",
            "api": "WSAStartup",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "VersionRequested",
                "value": "0x00000202"
              }
            ],
            "repeated": 0,
            "id": 1578
          },
          {
            "timestamp": "2026-04-16 20:06:15,665",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd6b0000"
              },
              {
                "name": "FunctionName",
                "value": "WSASocket"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1579
          },
          {
            "timestamp": "2026-04-16 20:06:15,665",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd6b0000"
              },
              {
                "name": "FunctionName",
                "value": "WSASocketW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd6b56b0"
              }
            ],
            "repeated": 0,
            "id": 1580
          },
          {
            "timestamp": "2026-04-16 20:06:15,665",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd6b0000"
              },
              {
                "name": "FunctionName",
                "value": "setsockopt"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd6c10a0"
              }
            ],
            "repeated": 0,
            "id": 1581
          },
          {
            "timestamp": "2026-04-16 20:06:15,665",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd6b0000"
              },
              {
                "name": "FunctionName",
                "value": "WSAEventSelect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd6c1980"
              }
            ],
            "repeated": 0,
            "id": 1582
          },
          {
            "timestamp": "2026-04-16 20:06:15,665",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd6b0000"
              },
              {
                "name": "FunctionName",
                "value": "ioctlsocket"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd6b51e0"
              }
            ],
            "repeated": 0,
            "id": 1583
          },
          {
            "timestamp": "2026-04-16 20:06:15,665",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd6b0000"
              },
              {
                "name": "FunctionName",
                "value": "closesocket"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd6b5000"
              }
            ],
            "repeated": 0,
            "id": 1584
          },
          {
            "timestamp": "2026-04-16 20:06:15,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\mswsock"
              },
              {
                "name": "DllBase",
                "value": "0x7ffefb660000"
              }
            ],
            "repeated": 0,
            "id": 1585
          },
          {
            "timestamp": "2026-04-16 20:06:15,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 1586
          },
          {
            "timestamp": "2026-04-16 20:06:15,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mswsock.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefb660000"
              }
            ],
            "repeated": 0,
            "id": 1587
          },
          {
            "timestamp": "2026-04-16 20:06:19,915",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000420",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "2",
                "pretty_value": "SOCK_DGRAM"
              },
              {
                "name": "protocol",
                "value": "0"
              },
              {
                "name": "socket",
                "value": "1056"
              }
            ],
            "repeated": 0,
            "id": 1588
          },
          {
            "timestamp": "2026-04-16 20:06:19,915",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "network",
            "api": "setsockopt",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1056"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1589
          },
          {
            "timestamp": "2026-04-16 20:06:19,915",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1056"
              }
            ],
            "repeated": 0,
            "id": 1590
          },
          {
            "timestamp": "2026-04-16 20:06:19,915",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mswsock.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefb660000"
              }
            ],
            "repeated": 0,
            "id": 1591
          },
          {
            "timestamp": "2026-04-16 20:06:19,915",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000420",
            "arguments": [
              {
                "name": "af",
                "value": "23",
                "pretty_value": "AF_INET6"
              },
              {
                "name": "type",
                "value": "2",
                "pretty_value": "SOCK_DGRAM"
              },
              {
                "name": "protocol",
                "value": "0"
              },
              {
                "name": "socket",
                "value": "1056"
              }
            ],
            "repeated": 0,
            "id": 1592
          },
          {
            "timestamp": "2026-04-16 20:06:19,931",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "network",
            "api": "setsockopt",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1056"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1593
          },
          {
            "timestamp": "2026-04-16 20:06:19,931",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1056"
              }
            ],
            "repeated": 0,
            "id": 1594
          },
          {
            "timestamp": "2026-04-16 20:06:19,931",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\159a66b8\\424bd4d8"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\159a66b8\\424bd4d8"
              }
            ],
            "repeated": 0,
            "id": 1595
          },
          {
            "timestamp": "2026-04-16 20:06:19,931",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 1596
          },
          {
            "timestamp": "2026-04-16 20:06:19,931",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1597
          },
          {
            "timestamp": "2026-04-16 20:06:20,477",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll"
              }
            ],
            "repeated": 0,
            "id": 1598
          },
          {
            "timestamp": "2026-04-16 20:06:20,477",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x4000000e",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000428"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dca0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ebea0"
              },
              {
                "name": "ViewSize",
                "value": "0x0006c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1599
          },
          {
            "timestamp": "2026-04-16 20:06:20,477",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x4000000e",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000428"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1de50000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ebea0"
              },
              {
                "name": "ViewSize",
                "value": "0x0006c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1600
          },
          {
            "timestamp": "2026-04-16 20:06:20,477",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dca0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1601
          },
          {
            "timestamp": "2026-04-16 20:06:21,196",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.INI"
              }
            ],
            "repeated": 0,
            "id": 1602
          },
          {
            "timestamp": "2026-04-16 20:06:21,931",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b220000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1603
          },
          {
            "timestamp": "2026-04-16 20:06:21,931",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b220000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1604
          },
          {
            "timestamp": "2026-04-16 20:06:21,931",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b229000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1605
          },
          {
            "timestamp": "2026-04-16 20:06:21,977",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1f7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1606
          },
          {
            "timestamp": "2026-04-16 20:06:22,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b22b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1607
          },
          {
            "timestamp": "2026-04-16 20:06:22,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b22c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1608
          },
          {
            "timestamp": "2026-04-16 20:06:22,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1609
          },
          {
            "timestamp": "2026-04-16 20:06:22,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1610
          },
          {
            "timestamp": "2026-04-16 20:06:22,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1611
          },
          {
            "timestamp": "2026-04-16 20:06:22,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000002"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dca0000"
              }
            ],
            "repeated": 0,
            "id": 1612
          },
          {
            "timestamp": "2026-04-16 20:06:22,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x1dca0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000009"
              }
            ],
            "repeated": 0,
            "id": 1613
          },
          {
            "timestamp": "2026-04-16 20:06:22,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              }
            ],
            "repeated": 0,
            "id": 1614
          },
          {
            "timestamp": "2026-04-16 20:06:23,056",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "filesystem",
            "api": "GetFileVersionInfoSizeW",
            "status": true,
            "return": "0x000007ec",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll"
              }
            ],
            "repeated": 0,
            "id": 1615
          },
          {
            "timestamp": "2026-04-16 20:06:23,056",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "filesystem",
            "api": "GetFileVersionInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll"
              }
            ],
            "repeated": 0,
            "id": 1616
          },
          {
            "timestamp": "2026-04-16 20:06:24,290",
            "thread_id": "812",
            "caller": "0x7ffe4b1997d6",
            "parentcaller": "0x7ffe4b1993d5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1f8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1617
          },
          {
            "timestamp": "2026-04-16 20:06:24,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1998a1",
            "parentcaller": "0x7ffe4b1997d6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b05f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1618
          },
          {
            "timestamp": "2026-04-16 20:06:24,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1998a1",
            "parentcaller": "0x7ffe4b1997d6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1f9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1619
          },
          {
            "timestamp": "2026-04-16 20:06:24,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1998a1",
            "parentcaller": "0x7ffe4b1997d6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1620
          },
          {
            "timestamp": "2026-04-16 20:06:25,415",
            "thread_id": "812",
            "caller": "0x7ffe4b199af7",
            "parentcaller": "0x7ffe4b1998a1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b22d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1621
          },
          {
            "timestamp": "2026-04-16 20:06:25,415",
            "thread_id": "812",
            "caller": "0x7ffe4b199b50",
            "parentcaller": "0x7ffe4b1998a1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1fa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1622
          },
          {
            "timestamp": "2026-04-16 20:06:25,774",
            "thread_id": "812",
            "caller": "0x7ffe4b199e4f",
            "parentcaller": "0x7ffe4b199ce4",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1623
          },
          {
            "timestamp": "2026-04-16 20:06:25,774",
            "thread_id": "812",
            "caller": "0x7ffe4b199e4f",
            "parentcaller": "0x7ffe4b199ce4",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1624
          },
          {
            "timestamp": "2026-04-16 20:06:25,774",
            "thread_id": "812",
            "caller": "0x7ffe4b199f33",
            "parentcaller": "0x7ffe4b199e4f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1625
          },
          {
            "timestamp": "2026-04-16 20:06:25,774",
            "thread_id": "812",
            "caller": "0x7ffe4b199d20",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1626
          },
          {
            "timestamp": "2026-04-16 20:06:25,774",
            "thread_id": "812",
            "caller": "0x7ffe4b199d20",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1627
          },
          {
            "timestamp": "2026-04-16 20:06:25,790",
            "thread_id": "812",
            "caller": "0x7ffe4b199d20",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b230000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1628
          },
          {
            "timestamp": "2026-04-16 20:06:25,790",
            "thread_id": "812",
            "caller": "0x7ffe4b199d20",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b230000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1629
          },
          {
            "timestamp": "2026-04-16 20:06:26,056",
            "thread_id": "812",
            "caller": "0x7ffe4b199d20",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b19a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1630
          },
          {
            "timestamp": "2026-04-16 20:06:26,056",
            "thread_id": "812",
            "caller": "0x7ffe4b199d20",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1631
          },
          {
            "timestamp": "2026-04-16 20:06:26,056",
            "thread_id": "812",
            "caller": "0x7ffe4b199d20",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1632
          },
          {
            "timestamp": "2026-04-16 20:06:26,056",
            "thread_id": "812",
            "caller": "0x7ffe4b19a017",
            "parentcaller": "0x7ffe4b199d20",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1633
          },
          {
            "timestamp": "2026-04-16 20:06:26,087",
            "thread_id": "812",
            "caller": "0x7ffe4b19a10b",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1fc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1634
          },
          {
            "timestamp": "2026-04-16 20:06:26,102",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b22e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1635
          },
          {
            "timestamp": "2026-04-16 20:06:26,337",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1fd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1636
          },
          {
            "timestamp": "2026-04-16 20:06:26,337",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b231000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1637
          },
          {
            "timestamp": "2026-04-16 20:06:26,337",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1638
          },
          {
            "timestamp": "2026-04-16 20:06:26,337",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1fe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1639
          },
          {
            "timestamp": "2026-04-16 20:06:27,212",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1640
          },
          {
            "timestamp": "2026-04-16 20:06:27,212",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1641
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1642
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1643
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1644
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1645
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1646
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1647
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dec0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1648
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ded0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1649
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dee0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1650
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00056000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1651
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1def0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1652
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1df00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1653
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1df10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1654
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1df20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1655
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e340000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1656
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1657
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1658
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c45000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1659
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e370000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1660
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e380000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1661
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1662
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e08a000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1663
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e08a000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1664
          },
          {
            "timestamp": "2026-04-16 20:06:27,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e098000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1665
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1666
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e390000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1667
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e3a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1668
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e3b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1669
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e3c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1670
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e3d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1671
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e3e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1672
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e3f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1673
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e400000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1674
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c59000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1675
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e410000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1676
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e420000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1677
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c4b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1678
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e0b3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1679
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c4b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1680
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e0b3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1681
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e08f000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002d000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1682
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1683
          },
          {
            "timestamp": "2026-04-16 20:06:27,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e08f000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1684
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b19b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1685
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1686
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b22f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1687
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e048000"
              },
              {
                "name": "RegionSize",
                "value": "0x00074000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1688
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1689
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e048000"
              },
              {
                "name": "RegionSize",
                "value": "0x00074000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1690
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1691
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x0007b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1692
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1693
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e3f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1694
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e360000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1695
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e3b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1696
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1697
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e3c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1698
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e3d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1699
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e3e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1700
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e410000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1701
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e420000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1702
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e400000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1703
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e380000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1704
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e350000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1705
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e340000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1706
          },
          {
            "timestamp": "2026-04-16 20:06:27,259",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1df20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1707
          },
          {
            "timestamp": "2026-04-16 20:06:27,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1df10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1708
          },
          {
            "timestamp": "2026-04-16 20:06:27,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1df00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1709
          },
          {
            "timestamp": "2026-04-16 20:06:27,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1def0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1710
          },
          {
            "timestamp": "2026-04-16 20:06:27,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1711
          },
          {
            "timestamp": "2026-04-16 20:06:27,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1712
          },
          {
            "timestamp": "2026-04-16 20:06:27,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1713
          },
          {
            "timestamp": "2026-04-16 20:06:27,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1714
          },
          {
            "timestamp": "2026-04-16 20:06:27,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dee0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1715
          },
          {
            "timestamp": "2026-04-16 20:06:27,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ded0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1716
          },
          {
            "timestamp": "2026-04-16 20:06:27,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dec0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1717
          },
          {
            "timestamp": "2026-04-16 20:06:27,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1718
          },
          {
            "timestamp": "2026-04-16 20:06:27,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1719
          },
          {
            "timestamp": "2026-04-16 20:06:27,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1720
          },
          {
            "timestamp": "2026-04-16 20:06:27,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1721
          },
          {
            "timestamp": "2026-04-16 20:06:27,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1722
          },
          {
            "timestamp": "2026-04-16 20:06:27,274",
            "thread_id": "812",
            "caller": "0x7ffe4b19a14a",
            "parentcaller": "0x7ffe4b19a017",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1723
          },
          {
            "timestamp": "2026-04-16 20:06:27,290",
            "thread_id": "812",
            "caller": "0x7ffe4b199d3b",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1ff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1724
          },
          {
            "timestamp": "2026-04-16 20:06:27,368",
            "thread_id": "812",
            "caller": "0x7ffe4b199d3b",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1725
          },
          {
            "timestamp": "2026-04-16 20:06:27,368",
            "thread_id": "812",
            "caller": "0x7ffe4b199d3b",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1726
          },
          {
            "timestamp": "2026-04-16 20:06:27,368",
            "thread_id": "812",
            "caller": "0x7ffe4b199d3b",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1727
          },
          {
            "timestamp": "2026-04-16 20:06:27,368",
            "thread_id": "812",
            "caller": "0x7ffe4b199d3b",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1728
          },
          {
            "timestamp": "2026-04-16 20:06:27,368",
            "thread_id": "812",
            "caller": "0x7ffe4b199d3b",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b240000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1729
          },
          {
            "timestamp": "2026-04-16 20:06:27,368",
            "thread_id": "812",
            "caller": "0x7ffe4b199d3b",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b240000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1730
          },
          {
            "timestamp": "2026-04-16 20:06:27,368",
            "thread_id": "812",
            "caller": "0x7ffe4b199d3b",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1731
          },
          {
            "timestamp": "2026-04-16 20:06:27,368",
            "thread_id": "812",
            "caller": "0x7ffe4b199d3b",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1732
          },
          {
            "timestamp": "2026-04-16 20:06:27,368",
            "thread_id": "812",
            "caller": "0x7ffe4b199d3b",
            "parentcaller": "0x7ffe4b199b50",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1733
          },
          {
            "timestamp": "2026-04-16 20:06:27,384",
            "thread_id": "812",
            "caller": "0x7ffe4b199c16",
            "parentcaller": "0x7ffe4b1998a1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1734
          },
          {
            "timestamp": "2026-04-16 20:06:27,384",
            "thread_id": "812",
            "caller": "0x7ffe4b199c16",
            "parentcaller": "0x7ffe4b1998a1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1735
          },
          {
            "timestamp": "2026-04-16 20:06:27,384",
            "thread_id": "812",
            "caller": "0x7ffe4b19bd73",
            "parentcaller": "0x7ffe4b199c16",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1736
          },
          {
            "timestamp": "2026-04-16 20:06:28,024",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1737
          },
          {
            "timestamp": "2026-04-16 20:06:28,024",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1738
          },
          {
            "timestamp": "2026-04-16 20:06:28,024",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1739
          },
          {
            "timestamp": "2026-04-16 20:06:28,024",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1740
          },
          {
            "timestamp": "2026-04-16 20:06:28,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1741
          },
          {
            "timestamp": "2026-04-16 20:06:28,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1742
          },
          {
            "timestamp": "2026-04-16 20:06:28,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1743
          },
          {
            "timestamp": "2026-04-16 20:06:28,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b19c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1744
          },
          {
            "timestamp": "2026-04-16 20:06:28,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b241000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1745
          },
          {
            "timestamp": "2026-04-16 20:06:28,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1746
          },
          {
            "timestamp": "2026-04-16 20:06:28,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1747
          },
          {
            "timestamp": "2026-04-16 20:06:28,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e390000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1748
          },
          {
            "timestamp": "2026-04-16 20:06:28,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1749
          },
          {
            "timestamp": "2026-04-16 20:06:28,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1750
          },
          {
            "timestamp": "2026-04-16 20:06:28,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1751
          },
          {
            "timestamp": "2026-04-16 20:06:28,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1752
          },
          {
            "timestamp": "2026-04-16 20:06:28,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19bee0",
            "parentcaller": "0x7ffe4b19bdd1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1753
          },
          {
            "timestamp": "2026-04-16 20:06:28,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19c04f",
            "parentcaller": "0x7ffe4b19bee0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1754
          },
          {
            "timestamp": "2026-04-16 20:06:28,056",
            "thread_id": "812",
            "caller": "0x7ffe4b19c678",
            "parentcaller": "0x7ffe4b19c5e8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1755
          },
          {
            "timestamp": "2026-04-16 20:06:28,056",
            "thread_id": "812",
            "caller": "0x7ffe4b19c678",
            "parentcaller": "0x7ffe4b19c5e8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1756
          },
          {
            "timestamp": "2026-04-16 20:06:28,056",
            "thread_id": "812",
            "caller": "0x7ffe4b19c678",
            "parentcaller": "0x7ffe4b19c5e8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1757
          },
          {
            "timestamp": "2026-04-16 20:06:28,056",
            "thread_id": "812",
            "caller": "0x7ffe4b19c678",
            "parentcaller": "0x7ffe4b19c5e8",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1758
          },
          {
            "timestamp": "2026-04-16 20:06:28,056",
            "thread_id": "812",
            "caller": "0x7ffe4b19c678",
            "parentcaller": "0x7ffe4b19c5e8",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1759
          },
          {
            "timestamp": "2026-04-16 20:06:28,056",
            "thread_id": "812",
            "caller": "0x7ffe4b19c678",
            "parentcaller": "0x7ffe4b19c5e8",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1760
          },
          {
            "timestamp": "2026-04-16 20:06:28,056",
            "thread_id": "812",
            "caller": "0x7ffe4b19c678",
            "parentcaller": "0x7ffe4b19c5e8",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1761
          },
          {
            "timestamp": "2026-04-16 20:06:28,056",
            "thread_id": "812",
            "caller": "0x7ffe4b19c773",
            "parentcaller": "0x7ffe4b19c678",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1762
          },
          {
            "timestamp": "2026-04-16 20:06:28,056",
            "thread_id": "812",
            "caller": "0x7ffe4b19c773",
            "parentcaller": "0x7ffe4b19c678",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b044000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1763
          },
          {
            "timestamp": "2026-04-16 20:06:28,056",
            "thread_id": "812",
            "caller": "0x7ffe4b19c773",
            "parentcaller": "0x7ffe4b19c678",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1764
          },
          {
            "timestamp": "2026-04-16 20:06:28,056",
            "thread_id": "812",
            "caller": "0x7ffe4b19c773",
            "parentcaller": "0x7ffe4b19c678",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1765
          },
          {
            "timestamp": "2026-04-16 20:06:28,056",
            "thread_id": "812",
            "caller": "0x7ffe4b19c773",
            "parentcaller": "0x7ffe4b19c678",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1766
          },
          {
            "timestamp": "2026-04-16 20:06:28,056",
            "thread_id": "812",
            "caller": "0x7ffe4b19c773",
            "parentcaller": "0x7ffe4b19c678",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1767
          },
          {
            "timestamp": "2026-04-16 20:06:28,056",
            "thread_id": "812",
            "caller": "0x7ffe4b19c773",
            "parentcaller": "0x7ffe4b19c678",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b19d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1768
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19c773",
            "parentcaller": "0x7ffe4b19c678",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1769
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19c773",
            "parentcaller": "0x7ffe4b19c678",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1770
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19c773",
            "parentcaller": "0x7ffe4b19c678",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1771
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19c773",
            "parentcaller": "0x7ffe4b19c678",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1772
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19cbdf",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1773
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19cbdf",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1774
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19cbdf",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1775
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19cc3a",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1776
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19cc4d",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1777
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19cc4d",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1778
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19cc4d",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1779
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19cc74",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1780
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19cc74",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b242000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1781
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19cc74",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1782
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19cc74",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1783
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19cc74",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1784
          },
          {
            "timestamp": "2026-04-16 20:06:28,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19cc74",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1785
          },
          {
            "timestamp": "2026-04-16 20:06:28,087",
            "thread_id": "812",
            "caller": "0x7ffe4b19cc74",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1786
          },
          {
            "timestamp": "2026-04-16 20:06:28,087",
            "thread_id": "812",
            "caller": "0x7ffe4b19cc74",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1787
          },
          {
            "timestamp": "2026-04-16 20:06:28,087",
            "thread_id": "812",
            "caller": "0x7ffe4b19cc74",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02800000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1788
          },
          {
            "timestamp": "2026-04-16 20:06:28,087",
            "thread_id": "812",
            "caller": "0x7ffe4b19cc74",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1789
          },
          {
            "timestamp": "2026-04-16 20:06:28,087",
            "thread_id": "812",
            "caller": "0x7ffe4b19cc74",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1790
          },
          {
            "timestamp": "2026-04-16 20:06:28,087",
            "thread_id": "812",
            "caller": "0x7ffe4b19ccac",
            "parentcaller": "0x7ffe4b19c773",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1791
          },
          {
            "timestamp": "2026-04-16 20:06:28,212",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b250000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1792
          },
          {
            "timestamp": "2026-04-16 20:06:28,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b250000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1793
          },
          {
            "timestamp": "2026-04-16 20:06:28,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\6faf58\\19ab8d57"
              },
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57"
              }
            ],
            "repeated": 0,
            "id": 1794
          },
          {
            "timestamp": "2026-04-16 20:06:28,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "7"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7"
              }
            ],
            "repeated": 0,
            "id": 1795
          },
          {
            "timestamp": "2026-04-16 20:06:28,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\"
              }
            ],
            "repeated": 0,
            "id": 1796
          },
          {
            "timestamp": "2026-04-16 20:06:28,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 1797
          },
          {
            "timestamp": "2026-04-16 20:06:28,227",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\6faf58\\19ab8d57\\7"
              },
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7"
              }
            ],
            "repeated": 0,
            "id": 1798
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Xml,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 1799
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ConfigMask"
              },
              {
                "name": "Data",
                "value": "4361"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\ConfigMask"
              }
            ],
            "repeated": 0,
            "id": 1800
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ConfigString"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\ConfigString"
              }
            ],
            "repeated": 0,
            "id": 1801
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "MVID"
              },
              {
                "name": "Data",
                "value": "\\x8cQv\\xbaQ.\\x86OzM\\xec;\\x9e\\x05.b"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\MVID"
              }
            ],
            "repeated": 0,
            "id": 1802
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 1803
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\6faf58\\19ab8d57\\7"
              },
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7"
              }
            ],
            "repeated": 0,
            "id": 1804
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "EvalationData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\EvalationData"
              }
            ],
            "repeated": 0,
            "id": 1805
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\Status"
              }
            ],
            "repeated": 0,
            "id": 1806
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "ILDependencies"
              },
              {
                "name": "Data",
                "value": "\\xd8\\xd4KB\\xd5\\x04\\xc5\\x0c\\x06\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xee\\x8fcu';Y\\x11\\x05\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00W\\x8d\\xab\\x19t&\\xa3.\\x07\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\ILDependencies"
              }
            ],
            "repeated": 0,
            "id": 1807
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "NIDependencies"
              },
              {
                "name": "Data",
                "value": "\\xc68\\x19\\x18\\xc5\\xe2Py\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O|\\xbc0O\\xfeP?\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\NIDependencies"
              }
            ],
            "repeated": 0,
            "id": 1808
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "MissingDependencies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\MissingDependencies"
              }
            ],
            "repeated": 0,
            "id": 1809
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 1810
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "IL\\75638fee\\11593b27\\5"
              },
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5"
              }
            ],
            "repeated": 0,
            "id": 1811
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Data.SqlXml,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 1812
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\Status"
              }
            ],
            "repeated": 0,
            "id": 1813
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\Modules"
              }
            ],
            "repeated": 0,
            "id": 1814
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "9S\\x1e/K\\x98DN\\xa1\\xa3^\\xba\\xd8\\xae\\xa3M\\x85\\x11\\x9b\\x17\\x815z^\\x15:\\xb8\\xb7\\x13\\x01\\xd4)\\xebl\\xb1\\x90"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\SIG"
              }
            ],
            "repeated": 0,
            "id": 1815
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\x00\\xe8\\xdd\\xc5;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 1816
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 1817
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1818
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000364"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System.Data.SqlXml__b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Data.SqlXml__b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 1819
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": "System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL"
              },
              {
                "name": "Data",
                "value": "\\x00\\xe8\\xdd\\xc5;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL"
              }
            ],
            "repeated": 0,
            "id": 1820
          },
          {
            "timestamp": "2026-04-16 20:06:28,243",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1821
          },
          {
            "timestamp": "2026-04-16 20:06:28,509",
            "thread_id": "4860",
            "caller": "0x7ffe4b196d3c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "SetThreadExecutionState"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe400a20"
              }
            ],
            "repeated": 0,
            "id": 1822
          },
          {
            "timestamp": "2026-04-16 20:06:28,509",
            "thread_id": "4860",
            "caller": "0x7ffe4b196d1f",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 1823
          },
          {
            "timestamp": "2026-04-16 20:06:29,712",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\8c5176ba512e864f7a4dec3b9e052e62\\System.Xml.ni"
              },
              {
                "name": "DllBase",
                "value": "0x7ffea5e60000"
              }
            ],
            "repeated": 0,
            "id": 1824
          },
          {
            "timestamp": "2026-04-16 20:06:29,712",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\8c5176ba512e864f7a4dec3b9e052e62\\System.Xml.ni.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffea5e60000"
              }
            ],
            "repeated": 0,
            "id": 1825
          },
          {
            "timestamp": "2026-04-16 20:06:29,712",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffea5e60000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\8c5176ba512e864f7a4dec3b9e052e62\\System.Xml.ni.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 1826
          },
          {
            "timestamp": "2026-04-16 20:06:29,977",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 1827
          },
          {
            "timestamp": "2026-04-16 20:06:29,977",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "MSCORWKS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeaa720000"
              }
            ],
            "repeated": 0,
            "id": 1828
          },
          {
            "timestamp": "2026-04-16 20:06:29,977",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscorjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeac470000"
              }
            ],
            "repeated": 0,
            "id": 1829
          },
          {
            "timestamp": "2026-04-16 20:06:29,977",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.INI"
              }
            ],
            "repeated": 0,
            "id": 1830
          },
          {
            "timestamp": "2026-04-16 20:06:30,993",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffea64ef000"
              },
              {
                "name": "ModuleName",
                "value": "System.Xml.ni.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1831
          },
          {
            "timestamp": "2026-04-16 20:06:31,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffea64ef000"
              },
              {
                "name": "ModuleName",
                "value": "System.Xml.ni.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00004000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1832
          },
          {
            "timestamp": "2026-04-16 20:06:33,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b251000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1833
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1834
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1835
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02800000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1836
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1837
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1838
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1839
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1840
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x0007b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1841
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1842
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1843
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1844
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dec0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1845
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ded0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1846
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dee0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1847
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1def0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1848
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1df00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1849
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1df10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1850
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1df20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1851
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e067000"
              },
              {
                "name": "RegionSize",
                "value": "0x00055000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1852
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1853
          },
          {
            "timestamp": "2026-04-16 20:06:33,915",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1854
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b19e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1855
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b243000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1856
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e340000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1857
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e067000"
              },
              {
                "name": "RegionSize",
                "value": "0x00055000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1858
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x0007b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1859
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c45000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1860
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c45000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1861
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1def0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1862
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1df20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1863
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e340000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1864
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1ded0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1865
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1866
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1867
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dee0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1868
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1df00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1869
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dec0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1870
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1df10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1871
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1872
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1873
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1874
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dd10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1875
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1876
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1877
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1878
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1879
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1880
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19af07",
            "parentcaller": "0x7ffe4b19cdb1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1881
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19dd7e",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1882
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19ead4",
            "parentcaller": "0x7ffe4b19ddc8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1883
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19eb83",
            "parentcaller": "0x7ffe4b19ead4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404880"
              }
            ],
            "repeated": 0,
            "id": 1884
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19eb83",
            "parentcaller": "0x7ffe4b19ead4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcessW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1885
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19eb83",
            "parentcaller": "0x7ffe4b19ead4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd736b50"
              }
            ],
            "repeated": 0,
            "id": 1886
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19eb83",
            "parentcaller": "0x7ffe4b19ead4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessTokenW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1887
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19eb83",
            "parentcaller": "0x7ffe4b19ead4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 1888
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19ec39",
            "parentcaller": "0x7ffe4b19ddfd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\Policy\\AppPatch"
              },
              {
                "name": "Handle",
                "value": "0x00000430"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\AppPatch"
              }
            ],
            "repeated": 0,
            "id": 1889
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19ec39",
            "parentcaller": "0x7ffe4b19ddfd",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 1890
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19ec39",
            "parentcaller": "0x7ffe4b19ddfd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000430"
              },
              {
                "name": "SubKey",
                "value": "v4.0.30319.00000"
              },
              {
                "name": "Handle",
                "value": "0x0000042c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\AppPatch\\v4.0.30319.00000"
              }
            ],
            "repeated": 0,
            "id": 1891
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19ec39",
            "parentcaller": "0x7ffe4b19ddfd",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 1892
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19ec39",
            "parentcaller": "0x7ffe4b19ddfd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000042c"
              },
              {
                "name": "SubKey",
                "value": "mscorwks.dll"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\AppPatch\\v4.0.30319.00000\\mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 1893
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19ec39",
            "parentcaller": "0x7ffe4b19ddfd",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              }
            ],
            "repeated": 0,
            "id": 1894
          },
          {
            "timestamp": "2026-04-16 20:06:33,931",
            "thread_id": "812",
            "caller": "0x7ffe4b19de51",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1895
          },
          {
            "timestamp": "2026-04-16 20:06:33,946",
            "thread_id": "812",
            "caller": "0x7ffe4b19de51",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1896
          },
          {
            "timestamp": "2026-04-16 20:06:33,946",
            "thread_id": "812",
            "caller": "0x7ffe4b19de51",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1897
          },
          {
            "timestamp": "2026-04-16 20:06:33,946",
            "thread_id": "812",
            "caller": "0x7ffe4b19de51",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1898
          },
          {
            "timestamp": "2026-04-16 20:06:33,946",
            "thread_id": "812",
            "caller": "0x7ffe4b19de51",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1899
          },
          {
            "timestamp": "2026-04-16 20:06:33,946",
            "thread_id": "812",
            "caller": "0x7ffe4b19de51",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1900
          },
          {
            "timestamp": "2026-04-16 20:06:33,946",
            "thread_id": "812",
            "caller": "0x7ffe4b19de51",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b19f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1901
          },
          {
            "timestamp": "2026-04-16 20:06:33,946",
            "thread_id": "812",
            "caller": "0x7ffe4b19de51",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1902
          },
          {
            "timestamp": "2026-04-16 20:06:33,946",
            "thread_id": "812",
            "caller": "0x7ffe4b19de51",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b244000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1903
          },
          {
            "timestamp": "2026-04-16 20:06:33,946",
            "thread_id": "812",
            "caller": "0x7ffe4b19de51",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1904
          },
          {
            "timestamp": "2026-04-16 20:06:33,946",
            "thread_id": "812",
            "caller": "0x7ffe4b19de51",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02800000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1905
          },
          {
            "timestamp": "2026-04-16 20:06:33,946",
            "thread_id": "812",
            "caller": "0x7ffe4b19de51",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e370000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1906
          },
          {
            "timestamp": "2026-04-16 20:06:33,946",
            "thread_id": "812",
            "caller": "0x7ffe4b19de51",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1907
          },
          {
            "timestamp": "2026-04-16 20:06:33,946",
            "thread_id": "812",
            "caller": "0x7ffe4b19de51",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04100000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1908
          },
          {
            "timestamp": "2026-04-16 20:06:33,993",
            "thread_id": "812",
            "caller": "0x7ffe4b19ee65",
            "parentcaller": "0x7ffe4b19de51",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1909
          },
          {
            "timestamp": "2026-04-16 20:06:33,993",
            "thread_id": "812",
            "caller": "0x7ffe4b19ee65",
            "parentcaller": "0x7ffe4b19de51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1910
          },
          {
            "timestamp": "2026-04-16 20:06:33,993",
            "thread_id": "812",
            "caller": "0x7ffe4b19ee65",
            "parentcaller": "0x7ffe4b19de51",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00P\\x00\\x00\\x00\\x00\\x00\\x00`O\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1911
          },
          {
            "timestamp": "2026-04-16 20:06:34,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19ee65",
            "parentcaller": "0x7ffe4b19de51",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000434"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp"
              }
            ],
            "repeated": 0,
            "id": 1912
          },
          {
            "timestamp": "2026-04-16 20:06:34,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19ee65",
            "parentcaller": "0x7ffe4b19de51",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000434"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02800000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007e92c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00005000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1913
          },
          {
            "timestamp": "2026-04-16 20:06:34,009",
            "thread_id": "812",
            "caller": "0x7ffe4b19ee65",
            "parentcaller": "0x7ffe4b19de51",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 1914
          },
          {
            "timestamp": "2026-04-16 20:06:34,337",
            "thread_id": "812",
            "caller": "0x7ffe4b19ee65",
            "parentcaller": "0x7ffe4b19de51",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000043c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1915
          },
          {
            "timestamp": "2026-04-16 20:06:34,337",
            "thread_id": "812",
            "caller": "0x7ffe4b19ee65",
            "parentcaller": "0x7ffe4b19de51",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000043c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x04\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1916
          },
          {
            "timestamp": "2026-04-16 20:06:34,337",
            "thread_id": "812",
            "caller": "0x7ffe4b19ee65",
            "parentcaller": "0x7ffe4b19de51",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000440"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000043c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp"
              }
            ],
            "repeated": 0,
            "id": 1917
          },
          {
            "timestamp": "2026-04-16 20:06:34,337",
            "thread_id": "812",
            "caller": "0x7ffe4b19ee65",
            "parentcaller": "0x7ffe4b19de51",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000440"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1dec0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ea990"
              },
              {
                "name": "ViewSize",
                "value": "0x00041000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1918
          },
          {
            "timestamp": "2026-04-16 20:06:34,337",
            "thread_id": "812",
            "caller": "0x7ffe4b19ee65",
            "parentcaller": "0x7ffe4b19de51",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1919
          },
          {
            "timestamp": "2026-04-16 20:06:34,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19f24a",
            "parentcaller": "0x7ffe4b19eeab",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b232000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1920
          },
          {
            "timestamp": "2026-04-16 20:06:34,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19f312",
            "parentcaller": "0x7ffe4b19f24a",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1921
          },
          {
            "timestamp": "2026-04-16 20:06:34,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19f312",
            "parentcaller": "0x7ffe4b19f24a",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1922
          },
          {
            "timestamp": "2026-04-16 20:06:34,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19f312",
            "parentcaller": "0x7ffe4b19f24a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1923
          },
          {
            "timestamp": "2026-04-16 20:06:34,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19f312",
            "parentcaller": "0x7ffe4b19f24a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404d50"
              }
            ],
            "repeated": 0,
            "id": 1924
          },
          {
            "timestamp": "2026-04-16 20:06:34,727",
            "thread_id": "812",
            "caller": "0x7ffe4b19f51b",
            "parentcaller": "0x7ffe4b19f312",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              }
            ],
            "repeated": 0,
            "id": 1925
          },
          {
            "timestamp": "2026-04-16 20:06:34,759",
            "thread_id": "812",
            "caller": "0x7ffe4b19f3b0",
            "parentcaller": "0x7ffe4b19f24a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1926
          },
          {
            "timestamp": "2026-04-16 20:06:35,431",
            "thread_id": "812",
            "caller": "0x7ffe4b19de8e",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1927
          },
          {
            "timestamp": "2026-04-16 20:06:35,477",
            "thread_id": "812",
            "caller": "0x7ffe4b19f51b",
            "parentcaller": "0x7ffe4b19fade",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              }
            ],
            "repeated": 0,
            "id": 1928
          },
          {
            "timestamp": "2026-04-16 20:06:35,477",
            "thread_id": "812",
            "caller": "0x7ffe4b19f9f1",
            "parentcaller": "0x7ffe4b19f8fc",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1929
          },
          {
            "timestamp": "2026-04-16 20:06:35,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19df4b",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1930
          },
          {
            "timestamp": "2026-04-16 20:06:35,649",
            "thread_id": "812",
            "caller": "0x7ffe4b19df4b",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1931
          },
          {
            "timestamp": "2026-04-16 20:06:38,399",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 1932
          },
          {
            "timestamp": "2026-04-16 20:06:38,399",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1933
          },
          {
            "timestamp": "2026-04-16 20:06:38,399",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xfd\\xbd\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1934
          },
          {
            "timestamp": "2026-04-16 20:06:38,399",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x00000424"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 1935
          },
          {
            "timestamp": "2026-04-16 20:06:38,399",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 1936
          },
          {
            "timestamp": "2026-04-16 20:06:38,399",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 1937
          },
          {
            "timestamp": "2026-04-16 20:06:38,399",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1938
          },
          {
            "timestamp": "2026-04-16 20:06:38,399",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x0000801a",
                "pretty_value": "CSIDL_FLAG_CREATE|CSIDL_APPDATA"
              },
              {
                "name": "Path",
                "value": "C:\\Users\\cape\\AppData\\Roaming"
              }
            ],
            "repeated": 0,
            "id": 1939
          },
          {
            "timestamp": "2026-04-16 20:06:38,399",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              }
            ],
            "repeated": 0,
            "id": 1940
          },
          {
            "timestamp": "2026-04-16 20:06:38,509",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1941
          },
          {
            "timestamp": "2026-04-16 20:06:38,524",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000430"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1942
          },
          {
            "timestamp": "2026-04-16 20:06:38,524",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1943
          },
          {
            "timestamp": "2026-04-16 20:06:38,524",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000430"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><!--\r\n    Please refer to machine.config.comments for a description and\r\n    the default values of each configuration section.\r\n\r\n    For a full documentation of the schema please refer to\r\n    http://go.microsoft.com/"
              },
              {
                "name": "Length",
                "value": "4095"
              }
            ],
            "repeated": 0,
            "id": 1944
          },
          {
            "timestamp": "2026-04-16 20:06:38,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05352000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1945
          },
          {
            "timestamp": "2026-04-16 20:06:38,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000430"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "7a5c561934e089\">\r\n            <section name=\"schemaImporterExtensions\" type=\"System.Xml.Serialization.Configuration.SchemaImporterExtensionsSection, System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n            <section name"
              },
              {
                "name": "Length",
                "value": "10495"
              }
            ],
            "repeated": 0,
            "id": 1946
          },
          {
            "timestamp": "2026-04-16 20:06:38,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05362000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1947
          },
          {
            "timestamp": "2026-04-16 20:06:38,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000430"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "\"MachineToApplication\"/>\r\n                <section name=\"outputCache\" type=\"System.Web.Configuration.OutputCacheSection, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a\" allowDefinition=\"MachineToApplication\"/>\r\n              "
              },
              {
                "name": "Length",
                "value": "11445"
              }
            ],
            "repeated": 0,
            "id": 1948
          },
          {
            "timestamp": "2026-04-16 20:06:38,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05372000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1949
          },
          {
            "timestamp": "2026-04-16 20:06:38,618",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": false,
            "return": "0xffffffffc0000011",
            "pretty_return": "END_OF_FILE",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000430"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1950
          },
          {
            "timestamp": "2026-04-16 20:06:38,634",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 1951
          },
          {
            "timestamp": "2026-04-16 20:06:38,743",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\CRYPTSP"
              },
              {
                "name": "DllBase",
                "value": "0x7ffefb850000"
              }
            ],
            "repeated": 0,
            "id": 1952
          },
          {
            "timestamp": "2026-04-16 20:06:38,743",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 12,
            "id": 1953
          },
          {
            "timestamp": "2026-04-16 20:06:38,759",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\rsaenh"
              },
              {
                "name": "DllBase",
                "value": "0x7ffefafe0000"
              }
            ],
            "repeated": 0,
            "id": 1954
          },
          {
            "timestamp": "2026-04-16 20:06:38,759",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefafe0000"
              }
            ],
            "repeated": 0,
            "id": 1955
          },
          {
            "timestamp": "2026-04-16 20:06:38,946",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "crypto",
            "api": "CryptAcquireContextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Container",
                "value": ""
              },
              {
                "name": "Provider",
                "value": ""
              },
              {
                "name": "Flags",
                "value": "0xf0000000"
              }
            ],
            "repeated": 0,
            "id": 1956
          },
          {
            "timestamp": "2026-04-16 20:06:39,056",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "crypto",
            "api": "CryptGenRandom",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\rfj\n\\xa5\\xa0\\xe5Y"
              }
            ],
            "repeated": 0,
            "id": 1957
          },
          {
            "timestamp": "2026-04-16 20:06:39,306",
            "thread_id": "3776",
            "caller": "0x7ffefe8a466e",
            "parentcaller": "0x7ffefe8a3738",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3776"
              }
            ],
            "repeated": 0,
            "id": 1958
          },
          {
            "timestamp": "2026-04-16 20:06:39,306",
            "thread_id": "7968",
            "caller": "0x7ffefe8a466e",
            "parentcaller": "0x7ffefe8a3738",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7968"
              }
            ],
            "repeated": 0,
            "id": 1959
          },
          {
            "timestamp": "2026-04-16 20:06:39,306",
            "thread_id": "3776",
            "caller": "0x7ffefe8a468e",
            "parentcaller": "0x7ffefe8a3738",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 1960
          },
          {
            "timestamp": "2026-04-16 20:06:39,556",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileSize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404d80"
              }
            ],
            "repeated": 0,
            "id": 1961
          },
          {
            "timestamp": "2026-04-16 20:06:39,556",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\xb3e\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1962
          },
          {
            "timestamp": "2026-04-16 20:06:39,556",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05382000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1963
          },
          {
            "timestamp": "2026-04-16 20:06:39,571",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "ReadFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404ee0"
              }
            ],
            "repeated": 0,
            "id": 1964
          },
          {
            "timestamp": "2026-04-16 20:06:39,571",
            "thread_id": "812",
            "caller": "0x7ffe4b19fc6a",
            "parentcaller": "0x7ffe4b19df4b",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><!--\r\n    Please refer to machine.config.comments for a description and\r\n    the default values of each configuration section.\r\n\r\n    For a full documentation of the schema please refer to\r\n    http://go.microsoft.com/"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 1965
          },
          {
            "timestamp": "2026-04-16 20:06:40,024",
            "thread_id": "812",
            "caller": "0x7ffe4b19df7a",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1966
          },
          {
            "timestamp": "2026-04-16 20:06:40,024",
            "thread_id": "812",
            "caller": "0x7ffe4b19df85",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1967
          },
          {
            "timestamp": "2026-04-16 20:06:40,024",
            "thread_id": "812",
            "caller": "0x7ffe4b19df85",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x0007b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1968
          },
          {
            "timestamp": "2026-04-16 20:06:40,024",
            "thread_id": "812",
            "caller": "0x7ffe4b19df85",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1969
          },
          {
            "timestamp": "2026-04-16 20:06:40,024",
            "thread_id": "812",
            "caller": "0x7ffe4b19df85",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1970
          },
          {
            "timestamp": "2026-04-16 20:06:40,024",
            "thread_id": "812",
            "caller": "0x7ffe4b19df85",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1971
          },
          {
            "timestamp": "2026-04-16 20:06:40,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19df85",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x0007b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1972
          },
          {
            "timestamp": "2026-04-16 20:06:40,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19df85",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c46000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1973
          },
          {
            "timestamp": "2026-04-16 20:06:40,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19df85",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1974
          },
          {
            "timestamp": "2026-04-16 20:06:40,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19df85",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1975
          },
          {
            "timestamp": "2026-04-16 20:06:40,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19df85",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1976
          },
          {
            "timestamp": "2026-04-16 20:06:40,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19df85",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1977
          },
          {
            "timestamp": "2026-04-16 20:06:40,040",
            "thread_id": "812",
            "caller": "0x7ffe4b19df85",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c46000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1978
          },
          {
            "timestamp": "2026-04-16 20:06:40,040",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b245000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1979
          },
          {
            "timestamp": "2026-04-16 20:06:40,040",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1980
          },
          {
            "timestamp": "2026-04-16 20:06:40,040",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1981
          },
          {
            "timestamp": "2026-04-16 20:06:40,040",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1982
          },
          {
            "timestamp": "2026-04-16 20:06:40,040",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1983
          },
          {
            "timestamp": "2026-04-16 20:06:40,040",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1984
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1985
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1986
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1987
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00db0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1988
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1989
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1990
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x0007b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1991
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1992
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00df0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1993
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1994
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1995
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1996
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1997
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e0bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1998
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e0c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1999
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2000
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2001
          },
          {
            "timestamp": "2026-04-16 20:06:40,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2002
          },
          {
            "timestamp": "2026-04-16 20:06:40,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2003
          },
          {
            "timestamp": "2026-04-16 20:06:40,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2004
          },
          {
            "timestamp": "2026-04-16 20:06:40,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2005
          },
          {
            "timestamp": "2026-04-16 20:06:40,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ea0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2006
          },
          {
            "timestamp": "2026-04-16 20:06:40,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2007
          },
          {
            "timestamp": "2026-04-16 20:06:40,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e090000"
              },
              {
                "name": "RegionSize",
                "value": "0x00044000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2008
          },
          {
            "timestamp": "2026-04-16 20:06:40,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c5d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2009
          },
          {
            "timestamp": "2026-04-16 20:06:40,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c46000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2010
          },
          {
            "timestamp": "2026-04-16 20:06:40,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2011
          },
          {
            "timestamp": "2026-04-16 20:06:40,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e090000"
              },
              {
                "name": "RegionSize",
                "value": "0x00044000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2012
          },
          {
            "timestamp": "2026-04-16 20:06:40,196",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c46000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2013
          },
          {
            "timestamp": "2026-04-16 20:06:40,196",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c5d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2014
          },
          {
            "timestamp": "2026-04-16 20:06:40,196",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b246000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2015
          },
          {
            "timestamp": "2026-04-16 20:06:40,196",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e097000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003d000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2016
          },
          {
            "timestamp": "2026-04-16 20:06:40,196",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c5d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2017
          },
          {
            "timestamp": "2026-04-16 20:06:40,196",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c46000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2018
          },
          {
            "timestamp": "2026-04-16 20:06:40,196",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e097000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2019
          },
          {
            "timestamp": "2026-04-16 20:06:40,196",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e04d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00087000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2020
          },
          {
            "timestamp": "2026-04-16 20:06:40,196",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e04d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00087000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2021
          },
          {
            "timestamp": "2026-04-16 20:06:40,196",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c5d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2022
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00093000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2023
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c51000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2024
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c51000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2025
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2026
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2027
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2028
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2029
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2030
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2031
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ea0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2032
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2033
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2034
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2035
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2036
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2037
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00df0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2038
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2039
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2040
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x027f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2041
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2042
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2043
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2044
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2045
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00db0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2046
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2047
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2048
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2049
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c46000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2050
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2051
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2052
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a007b",
            "parentcaller": "0x7ffe4b19df85",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2053
          },
          {
            "timestamp": "2026-04-16 20:06:40,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1a028e",
            "parentcaller": "0x7ffe4b1a007b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2054
          },
          {
            "timestamp": "2026-04-16 20:06:40,649",
            "thread_id": "812",
            "caller": "0x7ffe4b1a0168",
            "parentcaller": "0x7ffe4b1a10b2",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "a5c561934e089\">\r\n            <section name=\"schemaImporterExtensions\" type=\"System.Xml.Serialization.Configuration.SchemaImporterExtensionsSection, System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n            <section name="
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2055
          },
          {
            "timestamp": "2026-04-16 20:06:40,759",
            "thread_id": "812",
            "caller": "0x7ffe4b1a0189",
            "parentcaller": "0x7ffe4b1a10b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2056
          },
          {
            "timestamp": "2026-04-16 20:06:40,759",
            "thread_id": "812",
            "caller": "0x7ffe4b1a0168",
            "parentcaller": "0x7ffe4b1a02b1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "ientTargetSection, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a\"/>\r\n            <section name=\"compilation\" type=\"System.Web.Configuration.CompilationSection, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03"
              },
              {
                "name": "Length",
                "value": "12288"
              }
            ],
            "repeated": 0,
            "id": 2057
          },
          {
            "timestamp": "2026-04-16 20:06:40,759",
            "thread_id": "812",
            "caller": "0x7ffe4b1a0ebc",
            "parentcaller": "0x7ffe4b1a073b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05392000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2058
          },
          {
            "timestamp": "2026-04-16 20:06:40,759",
            "thread_id": "812",
            "caller": "0x7ffe4b19df9c",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2059
          },
          {
            "timestamp": "2026-04-16 20:06:40,759",
            "thread_id": "812",
            "caller": "0x7ffe4b19df9c",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2060
          },
          {
            "timestamp": "2026-04-16 20:06:40,759",
            "thread_id": "812",
            "caller": "0x7ffe4b19df9c",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2061
          },
          {
            "timestamp": "2026-04-16 20:06:40,759",
            "thread_id": "812",
            "caller": "0x7ffe4b19dfbd",
            "parentcaller": "0x7ffe4b19af07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2062
          },
          {
            "timestamp": "2026-04-16 20:06:40,759",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2063
          },
          {
            "timestamp": "2026-04-16 20:06:40,759",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2064
          },
          {
            "timestamp": "2026-04-16 20:06:40,759",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2065
          },
          {
            "timestamp": "2026-04-16 20:06:40,759",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b247000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2066
          },
          {
            "timestamp": "2026-04-16 20:06:40,759",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2067
          },
          {
            "timestamp": "2026-04-16 20:06:40,759",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b252000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2068
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2069
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2070
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00db0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2071
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2072
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2073
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2074
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00df0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2075
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2076
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2077
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00093000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2078
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2079
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2080
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2081
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2082
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2083
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2084
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2085
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2086
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ea0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2087
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2088
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ec0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2089
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ed0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2090
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ee0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2091
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2092
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2093
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e09f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00035000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2094
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c58000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2095
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2096
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e09f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00035000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2097
          },
          {
            "timestamp": "2026-04-16 20:06:40,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e081000"
              },
              {
                "name": "RegionSize",
                "value": "0x00053000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2098
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2099
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e081000"
              },
              {
                "name": "RegionSize",
                "value": "0x00053000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2100
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2101
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c58000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2102
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b248000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2103
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e089000"
              },
              {
                "name": "RegionSize",
                "value": "0x0004b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2104
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c5c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2105
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c5c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2106
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e089000"
              },
              {
                "name": "RegionSize",
                "value": "0x0004b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2107
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00093000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2108
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c58000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2109
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2110
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c58000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2111
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00f00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2112
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2113
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2114
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ea0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2115
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ec0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2116
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ed0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2117
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ee0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2118
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2119
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ef0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2120
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00eb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2121
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2122
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2123
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2124
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2125
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2126
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2127
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e3a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2128
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2129
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2130
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00df0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2131
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2132
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2133
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00db0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2134
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2135
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2136
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2137
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2138
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a24cf",
            "parentcaller": "0x7ffe4b19dfbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2139
          },
          {
            "timestamp": "2026-04-16 20:06:40,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a1c40",
            "parentcaller": "0x7ffe4b1a1bc7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2140
          },
          {
            "timestamp": "2026-04-16 20:06:40,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1a2b25",
            "parentcaller": "0x7ffe4b1a24cf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2141
          },
          {
            "timestamp": "2026-04-16 20:06:40,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1a3cf4",
            "parentcaller": "0x7ffe4b1a2c5f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2142
          },
          {
            "timestamp": "2026-04-16 20:06:40,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1a3cf4",
            "parentcaller": "0x7ffe4b1a2c5f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2143
          },
          {
            "timestamp": "2026-04-16 20:06:40,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1a3cf4",
            "parentcaller": "0x7ffe4b1a2c5f",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2144
          },
          {
            "timestamp": "2026-04-16 20:06:40,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1a3cf4",
            "parentcaller": "0x7ffe4b1a2c5f",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2145
          },
          {
            "timestamp": "2026-04-16 20:06:40,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1a3cf4",
            "parentcaller": "0x7ffe4b1a2c5f",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2146
          },
          {
            "timestamp": "2026-04-16 20:06:40,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1a2ffc",
            "parentcaller": "0x7ffe4b1a24cf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2147
          },
          {
            "timestamp": "2026-04-16 20:06:40,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1a3034",
            "parentcaller": "0x7ffe4b1a24cf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2148
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a412e",
            "parentcaller": "0x7ffe4b1a304b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b249000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2149
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2150
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2151
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2152
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2153
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2154
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2155
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2156
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00093000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2157
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00db0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2158
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2159
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2160
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2161
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00df0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2162
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2163
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2164
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2165
          },
          {
            "timestamp": "2026-04-16 20:06:40,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2166
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2167
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2168
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2169
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e07c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00058000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2170
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c57000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2171
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2172
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c57000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2173
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e07c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00058000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2174
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00093000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2175
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c57000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2176
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c57000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2177
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2178
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2179
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2180
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2181
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2182
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2183
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00df0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2184
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2185
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2186
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2187
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00db0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2188
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2189
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2190
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2191
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2192
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2193
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2194
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2195
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2196
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4438",
            "parentcaller": "0x7ffe4b1a412e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2197
          },
          {
            "timestamp": "2026-04-16 20:06:40,899",
            "thread_id": "812",
            "caller": "0x7ffe4b1a45cc",
            "parentcaller": "0x7ffe4b1a4438",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2198
          },
          {
            "timestamp": "2026-04-16 20:06:40,915",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4f24",
            "parentcaller": "0x7ffe4b1a4e79",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2199
          },
          {
            "timestamp": "2026-04-16 20:06:40,915",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4f24",
            "parentcaller": "0x7ffe4b1a4e79",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2200
          },
          {
            "timestamp": "2026-04-16 20:06:40,915",
            "thread_id": "812",
            "caller": "0x7ffe4b1a4f24",
            "parentcaller": "0x7ffe4b1a4e79",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2201
          },
          {
            "timestamp": "2026-04-16 20:06:40,915",
            "thread_id": "812",
            "caller": "0x7ffe4b1a46d2",
            "parentcaller": "0x7ffe4b1a4438",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2202
          },
          {
            "timestamp": "2026-04-16 20:06:40,915",
            "thread_id": "812",
            "caller": "0x7ffe4b1a46d2",
            "parentcaller": "0x7ffe4b1a4438",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2203
          },
          {
            "timestamp": "2026-04-16 20:06:40,915",
            "thread_id": "812",
            "caller": "0x7ffe4b1a46d2",
            "parentcaller": "0x7ffe4b1a4438",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2204
          },
          {
            "timestamp": "2026-04-16 20:06:40,915",
            "thread_id": "812",
            "caller": "0x7ffe4b1a46d2",
            "parentcaller": "0x7ffe4b1a4438",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2205
          },
          {
            "timestamp": "2026-04-16 20:06:40,915",
            "thread_id": "812",
            "caller": "0x7ffe4b1a46d2",
            "parentcaller": "0x7ffe4b1a4438",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2206
          },
          {
            "timestamp": "2026-04-16 20:06:40,931",
            "thread_id": "812",
            "caller": "0x7ffe4b1a31e0",
            "parentcaller": "0x7ffe4b1a24cf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2207
          },
          {
            "timestamp": "2026-04-16 20:06:40,931",
            "thread_id": "812",
            "caller": "0x7ffe4b1a40a5",
            "parentcaller": "0x7ffe4b1a3034",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2208
          },
          {
            "timestamp": "2026-04-16 20:06:40,931",
            "thread_id": "812",
            "caller": "0x7ffe4b1a40a5",
            "parentcaller": "0x7ffe4b1a3034",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b24a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2209
          },
          {
            "timestamp": "2026-04-16 20:06:40,946",
            "thread_id": "812",
            "caller": "0x7ffe4b1a59d6",
            "parentcaller": "0x7ffe4b1a31c1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": false,
            "return": "0xffffffffc0000011",
            "pretty_return": "END_OF_FILE",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "mework Data Provider for Odbc\" type=\"System.Data.Odbc.OdbcFactory, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n           <add name=\"OleDb Data Provider\" invariant=\"System.Data.OleDb\" description=\".Net Framework Data "
              },
              {
                "name": "Length",
                "value": "5555"
              }
            ],
            "repeated": 0,
            "id": 2210
          },
          {
            "timestamp": "2026-04-16 20:06:40,946",
            "thread_id": "812",
            "caller": "0x7ffe4b1a5a6a",
            "parentcaller": "0x7ffe4b19dfe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2211
          },
          {
            "timestamp": "2026-04-16 20:06:41,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19eb83",
            "parentcaller": "0x7ffe4b19ead4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 2212
          },
          {
            "timestamp": "2026-04-16 20:06:41,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19eb83",
            "parentcaller": "0x7ffe4b19ead4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000464"
              }
            ],
            "repeated": 0,
            "id": 2213
          },
          {
            "timestamp": "2026-04-16 20:06:41,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19eb83",
            "parentcaller": "0x7ffe4b19ead4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000468"
              }
            ],
            "repeated": 0,
            "id": 2214
          },
          {
            "timestamp": "2026-04-16 20:06:41,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19f51b",
            "parentcaller": "0x7ffe4b19f312",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.config"
              }
            ],
            "repeated": 1,
            "id": 2215
          },
          {
            "timestamp": "2026-04-16 20:06:41,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19eb83",
            "parentcaller": "0x7ffe4b19ead4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 2216
          },
          {
            "timestamp": "2026-04-16 20:06:41,071",
            "thread_id": "812",
            "caller": "0x7ffe4b19eb83",
            "parentcaller": "0x7ffe4b19ead4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 2217
          },
          {
            "timestamp": "2026-04-16 20:06:41,087",
            "thread_id": "812",
            "caller": "0x7ffe4b19ca90",
            "parentcaller": "0x7ffe4b19c86d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2218
          },
          {
            "timestamp": "2026-04-16 20:06:41,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2219
          },
          {
            "timestamp": "2026-04-16 20:06:41,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2220
          },
          {
            "timestamp": "2026-04-16 20:06:41,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2221
          },
          {
            "timestamp": "2026-04-16 20:06:41,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2222
          },
          {
            "timestamp": "2026-04-16 20:06:41,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2223
          },
          {
            "timestamp": "2026-04-16 20:06:41,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2224
          },
          {
            "timestamp": "2026-04-16 20:06:41,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2225
          },
          {
            "timestamp": "2026-04-16 20:06:41,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00db0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2226
          },
          {
            "timestamp": "2026-04-16 20:06:41,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2227
          },
          {
            "timestamp": "2026-04-16 20:06:41,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2228
          },
          {
            "timestamp": "2026-04-16 20:06:41,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2229
          },
          {
            "timestamp": "2026-04-16 20:06:41,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2230
          },
          {
            "timestamp": "2026-04-16 20:06:41,102",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2231
          },
          {
            "timestamp": "2026-04-16 20:06:41,102",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2232
          },
          {
            "timestamp": "2026-04-16 20:06:41,102",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2233
          },
          {
            "timestamp": "2026-04-16 20:06:41,102",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02820000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2234
          },
          {
            "timestamp": "2026-04-16 20:06:41,102",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2235
          },
          {
            "timestamp": "2026-04-16 20:06:41,102",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2236
          },
          {
            "timestamp": "2026-04-16 20:06:41,102",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2237
          },
          {
            "timestamp": "2026-04-16 20:06:41,102",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00db0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2238
          },
          {
            "timestamp": "2026-04-16 20:06:41,102",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2239
          },
          {
            "timestamp": "2026-04-16 20:06:41,102",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2240
          },
          {
            "timestamp": "2026-04-16 20:06:41,102",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2241
          },
          {
            "timestamp": "2026-04-16 20:06:41,102",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2242
          },
          {
            "timestamp": "2026-04-16 20:06:41,102",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2243
          },
          {
            "timestamp": "2026-04-16 20:06:41,102",
            "thread_id": "812",
            "caller": "0x7ffe4b1a60fb",
            "parentcaller": "0x7ffe4b19c633",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2244
          },
          {
            "timestamp": "2026-04-16 20:06:41,118",
            "thread_id": "812",
            "caller": "0x7ffe4b1a638b",
            "parentcaller": "0x7ffe4b1a60fb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2245
          },
          {
            "timestamp": "2026-04-16 20:06:41,118",
            "thread_id": "812",
            "caller": "0x7ffe4b1a638b",
            "parentcaller": "0x7ffe4b1a60fb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2246
          },
          {
            "timestamp": "2026-04-16 20:06:41,556",
            "thread_id": "812",
            "caller": "0x7ffe4b1a638b",
            "parentcaller": "0x7ffe4b1a60fb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2247
          },
          {
            "timestamp": "2026-04-16 20:06:41,556",
            "thread_id": "812",
            "caller": "0x7ffe4b1a638b",
            "parentcaller": "0x7ffe4b1a60fb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2248
          },
          {
            "timestamp": "2026-04-16 20:06:41,556",
            "thread_id": "812",
            "caller": "0x7ffe4b1a638b",
            "parentcaller": "0x7ffe4b1a60fb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2249
          },
          {
            "timestamp": "2026-04-16 20:06:41,556",
            "thread_id": "812",
            "caller": "0x7ffe4b1a638b",
            "parentcaller": "0x7ffe4b1a60fb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2250
          },
          {
            "timestamp": "2026-04-16 20:06:41,556",
            "thread_id": "812",
            "caller": "0x7ffe4b1a638b",
            "parentcaller": "0x7ffe4b1a60fb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b24b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2251
          },
          {
            "timestamp": "2026-04-16 20:06:41,556",
            "thread_id": "812",
            "caller": "0x7ffe4b1a638b",
            "parentcaller": "0x7ffe4b1a60fb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2252
          },
          {
            "timestamp": "2026-04-16 20:06:41,556",
            "thread_id": "812",
            "caller": "0x7ffe4b1a638b",
            "parentcaller": "0x7ffe4b1a60fb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2253
          },
          {
            "timestamp": "2026-04-16 20:06:41,556",
            "thread_id": "812",
            "caller": "0x7ffe4b1a638b",
            "parentcaller": "0x7ffe4b1a60fb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2254
          },
          {
            "timestamp": "2026-04-16 20:06:41,556",
            "thread_id": "812",
            "caller": "0x7ffe4b1a638b",
            "parentcaller": "0x7ffe4b1a60fb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2255
          },
          {
            "timestamp": "2026-04-16 20:06:41,556",
            "thread_id": "812",
            "caller": "0x7ffe4b1a638b",
            "parentcaller": "0x7ffe4b1a60fb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2256
          },
          {
            "timestamp": "2026-04-16 20:06:41,556",
            "thread_id": "812",
            "caller": "0x7ffe4b1a638b",
            "parentcaller": "0x7ffe4b1a60fb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2257
          },
          {
            "timestamp": "2026-04-16 20:06:41,556",
            "thread_id": "812",
            "caller": "0x7ffe4b1a376b",
            "parentcaller": "0x7ffe4b1a1c40",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2258
          },
          {
            "timestamp": "2026-04-16 20:06:41,556",
            "thread_id": "812",
            "caller": "0x7ffe4b1a6a25",
            "parentcaller": "0x7ffe4b1a638b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2259
          },
          {
            "timestamp": "2026-04-16 20:06:41,556",
            "thread_id": "812",
            "caller": "0x7ffe4b1a6e58",
            "parentcaller": "0x7ffe4b1a6dfb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2260
          },
          {
            "timestamp": "2026-04-16 20:06:41,868",
            "thread_id": "812",
            "caller": "0x7ffe4b1a73b6",
            "parentcaller": "0x7ffe4b1a733a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef230000"
              },
              {
                "name": "FunctionName",
                "value": "ND_RI2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef23a120"
              }
            ],
            "repeated": 0,
            "id": 2261
          },
          {
            "timestamp": "2026-04-16 20:06:41,868",
            "thread_id": "812",
            "caller": "0x7ffe4b1a73b6",
            "parentcaller": "0x7ffe4b1a733a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "ND_RI2_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2262
          },
          {
            "timestamp": "2026-04-16 20:06:41,868",
            "thread_id": "812",
            "caller": "0x7ffe4b1a73b6",
            "parentcaller": "0x7ffe4b1a733a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffeef080000"
              },
              {
                "name": "FunctionName",
                "value": "ND_RI2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffeef08ffa0"
              }
            ],
            "repeated": 0,
            "id": 2263
          },
          {
            "timestamp": "2026-04-16 20:06:41,977",
            "thread_id": "812",
            "caller": "0x7ffe4b1a6589",
            "parentcaller": "0x7ffe4b1a65bf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2264
          },
          {
            "timestamp": "2026-04-16 20:06:41,993",
            "thread_id": "812",
            "caller": "0x7ffe4b1a6589",
            "parentcaller": "0x7ffe4b1a65bf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b253000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2265
          },
          {
            "timestamp": "2026-04-16 20:06:41,993",
            "thread_id": "812",
            "caller": "0x7ffe4b19eb83",
            "parentcaller": "0x7ffe4b19ead4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 2266
          },
          {
            "timestamp": "2026-04-16 20:06:41,993",
            "thread_id": "812",
            "caller": "0x7ffe4b1a79b1",
            "parentcaller": "0x7ffe4b1a7651",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b24c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2267
          },
          {
            "timestamp": "2026-04-16 20:06:42,009",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7acc",
            "parentcaller": "0x7ffe4b1a79b1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b233000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2268
          },
          {
            "timestamp": "2026-04-16 20:06:42,727",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7acc",
            "parentcaller": "0x7ffe4b1a79b1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2269
          },
          {
            "timestamp": "2026-04-16 20:06:42,727",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7acc",
            "parentcaller": "0x7ffe4b1a79b1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2270
          },
          {
            "timestamp": "2026-04-16 20:06:42,727",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7acc",
            "parentcaller": "0x7ffe4b1a79b1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2271
          },
          {
            "timestamp": "2026-04-16 20:06:42,727",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7bca",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2272
          },
          {
            "timestamp": "2026-04-16 20:06:42,727",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7bca",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2273
          },
          {
            "timestamp": "2026-04-16 20:06:42,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7cf5",
            "parentcaller": "0x7ffe4b1a7bca",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b254000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2274
          },
          {
            "timestamp": "2026-04-16 20:06:42,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7ee8",
            "parentcaller": "0x7ffe4b1a7cf5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1a8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2275
          },
          {
            "timestamp": "2026-04-16 20:06:42,868",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7ef3",
            "parentcaller": "0x7ffe4b1a7cf5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2276
          },
          {
            "timestamp": "2026-04-16 20:06:42,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7ef3",
            "parentcaller": "0x7ffe4b1a7cf5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2277
          },
          {
            "timestamp": "2026-04-16 20:06:42,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7ef3",
            "parentcaller": "0x7ffe4b1a7cf5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2278
          },
          {
            "timestamp": "2026-04-16 20:06:42,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7ef3",
            "parentcaller": "0x7ffe4b1a7cf5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2279
          },
          {
            "timestamp": "2026-04-16 20:06:42,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7cf5",
            "parentcaller": "0x7ffe4b1a7bca",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2280
          },
          {
            "timestamp": "2026-04-16 20:06:42,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7cf5",
            "parentcaller": "0x7ffe4b1a7bca",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2281
          },
          {
            "timestamp": "2026-04-16 20:06:43,040",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7cf5",
            "parentcaller": "0x7ffe4b1a7bca",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b24d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2282
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b255000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2283
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2284
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2285
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2286
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2287
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2288
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00db0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2289
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2290
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2291
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2292
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2293
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2294
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2295
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2296
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2297
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2298
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2299
          },
          {
            "timestamp": "2026-04-16 20:06:43,071",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c08",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2300
          },
          {
            "timestamp": "2026-04-16 20:06:43,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a8d63",
            "parentcaller": "0x7ffe4b1a7c08",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1a9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2301
          },
          {
            "timestamp": "2026-04-16 20:06:43,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a8d63",
            "parentcaller": "0x7ffe4b1a7c08",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2302
          },
          {
            "timestamp": "2026-04-16 20:06:43,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a8d63",
            "parentcaller": "0x7ffe4b1a7c08",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2303
          },
          {
            "timestamp": "2026-04-16 20:06:43,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a8d63",
            "parentcaller": "0x7ffe4b1a7c08",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2304
          },
          {
            "timestamp": "2026-04-16 20:06:43,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a8f70",
            "parentcaller": "0x7ffe4b1a8d63",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2305
          },
          {
            "timestamp": "2026-04-16 20:06:43,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a90f2",
            "parentcaller": "0x7ffe4b1a8f70",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2306
          },
          {
            "timestamp": "2026-04-16 20:06:43,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b24e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2307
          },
          {
            "timestamp": "2026-04-16 20:06:43,087",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2308
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2309
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00093000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2310
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2311
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2312
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2313
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2314
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2315
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00093000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2316
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2317
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2318
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2319
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2320
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2321
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2322
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2323
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2324
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2325
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2326
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b256000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2327
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2328
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2329
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00093000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2330
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2331
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2332
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2333
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00093000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2334
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2335
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2336
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2337
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2338
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2339
          },
          {
            "timestamp": "2026-04-16 20:06:43,165",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2340
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a929d",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2341
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a9bd2",
            "parentcaller": "0x7ffe4b1a7c54",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2342
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a9bd2",
            "parentcaller": "0x7ffe4b1a7c54",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2343
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a9bd2",
            "parentcaller": "0x7ffe4b1a7c54",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2344
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a9bd2",
            "parentcaller": "0x7ffe4b1a7c54",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2345
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a9bd2",
            "parentcaller": "0x7ffe4b1a7c54",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2346
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a9bd2",
            "parentcaller": "0x7ffe4b1a7c54",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b42000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2347
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a9bd2",
            "parentcaller": "0x7ffe4b1a7c54",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2348
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a9bd2",
            "parentcaller": "0x7ffe4b1a7c54",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2349
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a9bd2",
            "parentcaller": "0x7ffe4b1a7c54",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2350
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a9bd2",
            "parentcaller": "0x7ffe4b1a7c54",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2351
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a9c85",
            "parentcaller": "0x7ffe4b1a9bd2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b0a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2352
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c65",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2353
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c65",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2354
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c65",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2355
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c6e",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2356
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c6e",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2357
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c6e",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b24f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2358
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c6e",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2359
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c6e",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2360
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c6e",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2361
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c6e",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2362
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7561",
            "parentcaller": "0x7ffe4b1a6589",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2363
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7561",
            "parentcaller": "0x7ffe4b1a6589",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2364
          },
          {
            "timestamp": "2026-04-16 20:06:43,181",
            "thread_id": "812",
            "caller": "0x7ffe4b19eb83",
            "parentcaller": "0x7ffe4b19ead4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000045c"
              }
            ],
            "repeated": 0,
            "id": 2365
          },
          {
            "timestamp": "2026-04-16 20:06:43,368",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2366
          },
          {
            "timestamp": "2026-04-16 20:06:43,368",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2367
          },
          {
            "timestamp": "2026-04-16 20:06:43,368",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2368
          },
          {
            "timestamp": "2026-04-16 20:06:43,368",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2369
          },
          {
            "timestamp": "2026-04-16 20:06:43,368",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1ab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2370
          },
          {
            "timestamp": "2026-04-16 20:06:43,368",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2371
          },
          {
            "timestamp": "2026-04-16 20:06:43,368",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2372
          },
          {
            "timestamp": "2026-04-16 20:06:43,368",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2373
          },
          {
            "timestamp": "2026-04-16 20:06:43,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1aaf10",
            "parentcaller": "0x7ffe4b1993d5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x053a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2374
          },
          {
            "timestamp": "2026-04-16 20:06:43,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1aaf10",
            "parentcaller": "0x7ffe4b1993d5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b260000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2375
          },
          {
            "timestamp": "2026-04-16 20:06:43,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1aaf10",
            "parentcaller": "0x7ffe4b1993d5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b260000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2376
          },
          {
            "timestamp": "2026-04-16 20:06:43,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1aaf10",
            "parentcaller": "0x7ffe4b1993d5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2377
          },
          {
            "timestamp": "2026-04-16 20:06:43,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1aaf10",
            "parentcaller": "0x7ffe4b1993d5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2378
          },
          {
            "timestamp": "2026-04-16 20:06:43,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1aaf10",
            "parentcaller": "0x7ffe4b1993d5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2379
          },
          {
            "timestamp": "2026-04-16 20:06:43,884",
            "thread_id": "812",
            "caller": "0x7ffe4b1ab1c7",
            "parentcaller": "0x7ffe4b1aaf10",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2380
          },
          {
            "timestamp": "2026-04-16 20:06:44,196",
            "thread_id": "812",
            "caller": "0x7ffe4b199e4f",
            "parentcaller": "0x7ffe4b1ab1d6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2381
          },
          {
            "timestamp": "2026-04-16 20:06:44,212",
            "thread_id": "812",
            "caller": "0x7ffe4b1abdb4",
            "parentcaller": "0x7ffe4b1abcbe",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2382
          },
          {
            "timestamp": "2026-04-16 20:06:44,227",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcessId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404890"
              }
            ],
            "repeated": 0,
            "id": 2383
          },
          {
            "timestamp": "2026-04-16 20:06:44,227",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcessIdW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2384
          },
          {
            "timestamp": "2026-04-16 20:06:44,587",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetComputerName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2385
          },
          {
            "timestamp": "2026-04-16 20:06:44,587",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetComputerNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fa460"
              }
            ],
            "repeated": 0,
            "id": 2386
          },
          {
            "timestamp": "2026-04-16 20:06:44,587",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 2387
          },
          {
            "timestamp": "2026-04-16 20:06:44,587",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance"
              },
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance"
              }
            ],
            "repeated": 0,
            "id": 2388
          },
          {
            "timestamp": "2026-04-16 20:06:44,634",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "Library"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Library"
              }
            ],
            "repeated": 0,
            "id": 2389
          },
          {
            "timestamp": "2026-04-16 20:06:44,634",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "Library"
              },
              {
                "name": "Data",
                "value": "%systemroot%\\system32\\netfxperf.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Library"
              }
            ],
            "repeated": 0,
            "id": 2390
          },
          {
            "timestamp": "2026-04-16 20:06:44,634",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "IsMultiInstance"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\IsMultiInstance"
              }
            ],
            "repeated": 0,
            "id": 2391
          },
          {
            "timestamp": "2026-04-16 20:06:44,634",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "IsMultiInstance"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\IsMultiInstance"
              }
            ],
            "repeated": 0,
            "id": 2392
          },
          {
            "timestamp": "2026-04-16 20:06:44,634",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "First Counter"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\First Counter"
              }
            ],
            "repeated": 0,
            "id": 2393
          },
          {
            "timestamp": "2026-04-16 20:06:44,634",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              },
              {
                "name": "ValueName",
                "value": "First Counter"
              },
              {
                "name": "Data",
                "value": "6828"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\First Counter"
              }
            ],
            "repeated": 0,
            "id": 2394
          },
          {
            "timestamp": "2026-04-16 20:06:44,634",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 2395
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance"
              },
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance"
              }
            ],
            "repeated": 0,
            "id": 2396
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "CategoryOptions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\CategoryOptions"
              }
            ],
            "repeated": 0,
            "id": 2397
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "CategoryOptions"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\CategoryOptions"
              }
            ],
            "repeated": 0,
            "id": 2398
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "FileMappingSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\FileMappingSize"
              }
            ],
            "repeated": 0,
            "id": 2399
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "FileMappingSize"
              },
              {
                "name": "Data",
                "value": "131072"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\FileMappingSize"
              }
            ],
            "repeated": 0,
            "id": 2400
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Counter Names"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Counter Names"
              }
            ],
            "repeated": 0,
            "id": 2401
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "ValueName",
                "value": "Counter Names"
              },
              {
                "name": "Data",
                "value": "C\\x00o\\x00n\\x00n\\x00e\\x00c\\x00t\\x00i\\x00o\\x00n\\x00s\\x00 \\x00E\\x00s\\x00t\\x00a\\x00b\\x00l\\x00i\\x00s\\x00h\\x00e\\x00d\\x00\\x00\\x00B\\x00y\\x00t\\x00e\\x00s\\x00 \\x00R\\x00e\\x00c\\x00e\\x00i\\x00v\\x00e\\x00d\\x00\\x00\\x00B\\x00y\\x00t\\x00e\\x00s\\x00 \\x00S\\x00e\\x00n\\x00t\\x00\\x00\\x00D\\x00a\\x00t\\x00a\\x00g\\x00r\\x00a\\x00m\\x00s\\x00 \\x00R\\x00e\\x00c\\x00e\\x00i\\x00v\\x00e\\x00d\\x00\\x00\\x00D\\x00a\\x00t\\x00a\\x00g\\x00r\\x00a\\x00m\\x00s\\x00 \\x00S\\x00e\\x00n\\x00t\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Counter Names"
              }
            ],
            "repeated": 0,
            "id": 2402
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "ConvertStringSecurityDescriptorToSecurityDescriptor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2403
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "ConvertStringSecurityDescriptorToSecurityDescriptorW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd731e00"
              }
            ],
            "repeated": 0,
            "id": 2404
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "LocalFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3f7b60"
              }
            ],
            "repeated": 0,
            "id": 2405
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "misc",
            "api": "LsaOpenPolicy",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2406
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFileMapping"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2407
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFileMappingW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fc8e0"
              }
            ],
            "repeated": 0,
            "id": 2408
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "CloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe4048e0"
              }
            ],
            "repeated": 0,
            "id": 2409
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000484"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\netfxcustomperfcounters.1.0.net clr networking"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2410
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "MapViewOfFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fd7f0"
              }
            ],
            "repeated": 0,
            "id": 2411
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "UnmapViewOfFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fe000"
              }
            ],
            "repeated": 0,
            "id": 2412
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000484"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00dc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ec950"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2413
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "VirtualQuery"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fc1a0"
              }
            ],
            "repeated": 0,
            "id": 2414
          },
          {
            "timestamp": "2026-04-16 20:06:44,696",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2415
          },
          {
            "timestamp": "2026-04-16 20:06:44,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWellKnownSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd737bd0"
              }
            ],
            "repeated": 0,
            "id": 2416
          },
          {
            "timestamp": "2026-04-16 20:06:44,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd720000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWellKnownSidW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2417
          },
          {
            "timestamp": "2026-04-16 20:06:44,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2418
          },
          {
            "timestamp": "2026-04-16 20:06:44,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "WaitForSingleObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404ad0"
              }
            ],
            "repeated": 0,
            "id": 2419
          },
          {
            "timestamp": "2026-04-16 20:06:44,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2420
          },
          {
            "timestamp": "2026-04-16 20:06:44,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2421
          },
          {
            "timestamp": "2026-04-16 20:06:44,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x007ef940"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2422
          },
          {
            "timestamp": "2026-04-16 20:06:44,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenMutex"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2423
          },
          {
            "timestamp": "2026-04-16 20:06:44,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenMutexW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe404a20"
              }
            ],
            "repeated": 0,
            "id": 2424
          },
          {
            "timestamp": "2026-04-16 20:06:44,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtOpenMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              }
            ],
            "repeated": 0,
            "id": 2425
          },
          {
            "timestamp": "2026-04-16 20:06:44,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2426
          },
          {
            "timestamp": "2026-04-16 20:06:44,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2427
          },
          {
            "timestamp": "2026-04-16 20:06:44,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 2428
          },
          {
            "timestamp": "2026-04-16 20:06:44,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 2429
          },
          {
            "timestamp": "2026-04-16 20:06:44,712",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "CloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe4048e0"
              }
            ],
            "repeated": 0,
            "id": 2430
          },
          {
            "timestamp": "2026-04-16 20:06:44,743",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fade0"
              }
            ],
            "repeated": 0,
            "id": 2431
          },
          {
            "timestamp": "2026-04-16 20:06:44,743",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2432
          },
          {
            "timestamp": "2026-04-16 20:06:44,743",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000048c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 2433
          },
          {
            "timestamp": "2026-04-16 20:06:44,743",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessTimes"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3faad0"
              }
            ],
            "repeated": 0,
            "id": 2434
          },
          {
            "timestamp": "2026-04-16 20:06:44,743",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessTimesW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2435
          },
          {
            "timestamp": "2026-04-16 20:06:44,743",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 2436
          },
          {
            "timestamp": "2026-04-16 20:06:44,743",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2437
          },
          {
            "timestamp": "2026-04-16 20:06:44,743",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2438
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2439
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2440
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2441
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2442
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "44"
              }
            ],
            "repeated": 0,
            "id": 2443
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe850000"
              }
            ],
            "repeated": 0,
            "id": 2444
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe850000"
              },
              {
                "name": "FunctionName",
                "value": "RtlGetSystemTimeAndBias"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe8ec650"
              }
            ],
            "repeated": 0,
            "id": 2445
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x00d50002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "tzres.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000822"
              }
            ],
            "repeated": 0,
            "id": 2446
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 2447
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 2448
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 2449
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000048c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2450
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000490"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000048c"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2451
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000490"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007eb380"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2452
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              }
            ],
            "repeated": 0,
            "id": 2453
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              }
            ],
            "repeated": 0,
            "id": 2454
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 2455
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000048c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2456
          },
          {
            "timestamp": "2026-04-16 20:06:44,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000494"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000048c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2457
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000494"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007eb380"
              },
              {
                "name": "ViewSize",
                "value": "0x0000b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2458
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              }
            ],
            "repeated": 0,
            "id": 2459
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              }
            ],
            "repeated": 0,
            "id": 2460
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 2461
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 2462
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x00d50002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "tzres.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000822"
              }
            ],
            "repeated": 0,
            "id": 2463
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 2464
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000048c"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 2465
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 2466
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2467
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2468
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004a0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007eb380"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2469
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 2470
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              }
            ],
            "repeated": 0,
            "id": 2471
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 2472
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2473
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2474
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004a0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007eb380"
              },
              {
                "name": "ViewSize",
                "value": "0x0000b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2475
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 2476
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              }
            ],
            "repeated": 0,
            "id": 2477
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 2478
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 2479
          },
          {
            "timestamp": "2026-04-16 20:06:44,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "44"
              }
            ],
            "repeated": 0,
            "id": 2480
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2481
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2482
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2483
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2484
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2485
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2486
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2487
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2488
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2489
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2490
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2491
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2492
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2493
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2494
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2495
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2496
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2497
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2498
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2499
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2500
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2501
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2502
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2503
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2504
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2505
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2506
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2507
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2508
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2509
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2510
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2511
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2512
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2513
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x053b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2514
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2515
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2516
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2517
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2518
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2519
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2520
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2521
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2522
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2523
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2524
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 2525
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 2526
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2527
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2528
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2529
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2530
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 2531
          },
          {
            "timestamp": "2026-04-16 20:06:44,837",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 2532
          },
          {
            "timestamp": "2026-04-16 20:06:45,009",
            "thread_id": "812",
            "caller": "0x7ffe4b1993d5",
            "parentcaller": "0x7ffe4b19918d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd6b0000"
              },
              {
                "name": "FunctionName",
                "value": "inet_addr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd6c2670"
              }
            ],
            "repeated": 0,
            "id": 2533
          },
          {
            "timestamp": "2026-04-16 20:06:45,056",
            "thread_id": "812",
            "caller": "0x7ffe4b199418",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2534
          },
          {
            "timestamp": "2026-04-16 20:06:45,399",
            "thread_id": "812",
            "caller": "0x7ffe4b199418",
            "parentcaller": "0x7ffe4b19918d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b261000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2535
          },
          {
            "timestamp": "2026-04-16 20:06:45,587",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b234000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2536
          },
          {
            "timestamp": "2026-04-16 20:06:45,602",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b257000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2537
          },
          {
            "timestamp": "2026-04-16 20:06:45,602",
            "thread_id": "812",
            "caller": "0x7ffe4b19eb83",
            "parentcaller": "0x7ffe4b19ead4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2538
          },
          {
            "timestamp": "2026-04-16 20:06:45,759",
            "thread_id": "812",
            "caller": "0x7ffe4b1ab92e",
            "parentcaller": "0x7ffe4b1aaff2",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2539
          },
          {
            "timestamp": "2026-04-16 20:06:45,759",
            "thread_id": "812",
            "caller": "0x7ffe4b1ab92e",
            "parentcaller": "0x7ffe4b1aaff2",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2540
          },
          {
            "timestamp": "2026-04-16 20:06:45,759",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2541
          },
          {
            "timestamp": "2026-04-16 20:06:45,759",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2542
          },
          {
            "timestamp": "2026-04-16 20:06:45,759",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2543
          },
          {
            "timestamp": "2026-04-16 20:06:45,759",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2544
          },
          {
            "timestamp": "2026-04-16 20:06:45,759",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac631",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2545
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2546
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00093000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2547
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2548
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2549
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2550
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2551
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00093000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2552
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c53000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2553
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2554
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2555
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2556
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2557
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2558
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1a7c36",
            "parentcaller": "0x7ffe4b1a7acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c53000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2559
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1acb36",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2560
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1acb36",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2561
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1acb36",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2562
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1acb36",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2563
          },
          {
            "timestamp": "2026-04-16 20:06:45,774",
            "thread_id": "812",
            "caller": "0x7ffe4b1acb36",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2564
          },
          {
            "timestamp": "2026-04-16 20:06:45,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1acb36",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2565
          },
          {
            "timestamp": "2026-04-16 20:06:45,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1acb36",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2566
          },
          {
            "timestamp": "2026-04-16 20:06:45,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1acb36",
            "parentcaller": "0x7ffe4b1a7c36",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2567
          },
          {
            "timestamp": "2026-04-16 20:06:45,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1aceca",
            "parentcaller": "0x7ffe4b1acb36",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2568
          },
          {
            "timestamp": "2026-04-16 20:06:45,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1aceca",
            "parentcaller": "0x7ffe4b1acb36",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b262000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2569
          },
          {
            "timestamp": "2026-04-16 20:06:45,790",
            "thread_id": "812",
            "caller": "0x7ffe4b1a9d55",
            "parentcaller": "0x7ffe4b1a9bd2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2570
          },
          {
            "timestamp": "2026-04-16 20:06:45,946",
            "thread_id": "812",
            "caller": "0x7ffe4b19eb83",
            "parentcaller": "0x7ffe4b19ead4",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 2571
          },
          {
            "timestamp": "2026-04-16 20:06:45,946",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2572
          },
          {
            "timestamp": "2026-04-16 20:06:45,946",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2573
          },
          {
            "timestamp": "2026-04-16 20:06:46,056",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2574
          },
          {
            "timestamp": "2026-04-16 20:06:46,243",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b208000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2575
          },
          {
            "timestamp": "2026-04-16 20:06:46,446",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x0000049c",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1180"
              }
            ],
            "repeated": 0,
            "id": 2576
          },
          {
            "timestamp": "2026-04-16 20:06:46,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd6b0000"
              },
              {
                "name": "FunctionName",
                "value": "setsockopt"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd6c10a0"
              }
            ],
            "repeated": 0,
            "id": 2577
          },
          {
            "timestamp": "2026-04-16 20:06:46,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1180"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2578
          },
          {
            "timestamp": "2026-04-16 20:06:46,821",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac0fd",
            "parentcaller": "0x7ffe4b199418",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2579
          },
          {
            "timestamp": "2026-04-16 20:06:46,977",
            "thread_id": "812",
            "caller": "0x7ffe4b1ade07",
            "parentcaller": "0x7ffe4b1ac145",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c261e0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "160"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 2580
          },
          {
            "timestamp": "2026-04-16 20:06:46,977",
            "thread_id": "812",
            "caller": "0x7ffe4b1ade07",
            "parentcaller": "0x7ffe4b1ac145",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000004b0",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c261e0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "160"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 2581
          },
          {
            "timestamp": "2026-04-16 20:06:46,977",
            "thread_id": "812",
            "caller": "0x7ffe4b1ade07",
            "parentcaller": "0x7ffe4b1ac145",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004b0"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "160"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 2582
          },
          {
            "timestamp": "2026-04-16 20:06:46,977",
            "thread_id": "160",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 2583
          },
          {
            "timestamp": "2026-04-16 20:06:46,977",
            "thread_id": "160",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2584
          },
          {
            "timestamp": "2026-04-16 20:06:46,977",
            "thread_id": "160",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c261e0"
              }
            ],
            "repeated": 0,
            "id": 2585
          },
          {
            "timestamp": "2026-04-16 20:06:46,977",
            "thread_id": "160",
            "caller": "0x7ffeaacb620d",
            "parentcaller": "0x7ffeaa87894f",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "16384"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2586
          },
          {
            "timestamp": "2026-04-16 20:06:46,977",
            "thread_id": "160",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaa878a03",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e341000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f7000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2587
          },
          {
            "timestamp": "2026-04-16 20:06:46,977",
            "thread_id": "160",
            "caller": "0x7ffefc5d1ace",
            "parentcaller": "0x7ffeaa8a9840",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2588
          },
          {
            "timestamp": "2026-04-16 20:06:46,977",
            "thread_id": "160",
            "caller": "0x7ffefc5d1ace",
            "parentcaller": "0x7ffeaa8a9840",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e0"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2589
          },
          {
            "timestamp": "2026-04-16 20:06:46,977",
            "thread_id": "160",
            "caller": "0x7ffefc618e6e",
            "parentcaller": "0x7ffeaaca8b2f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004b0"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x8a\\x00\\x00\\x00\\x00\\x00<\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "160"
              }
            ],
            "repeated": 0,
            "id": 2590
          },
          {
            "timestamp": "2026-04-16 20:06:46,977",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 3,
            "id": 2591
          },
          {
            "timestamp": "2026-04-16 20:06:47,102",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd6b0000"
              },
              {
                "name": "FunctionName",
                "value": "bind"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd6c09c0"
              }
            ],
            "repeated": 0,
            "id": 2592
          },
          {
            "timestamp": "2026-04-16 20:06:47,102",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1180"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2593
          },
          {
            "timestamp": "2026-04-16 20:06:47,118",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 4,
            "id": 2594
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffeaa96d6bc"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "7696"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 2595
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000004b8",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffeaa96d6bc"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "7696"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 2596
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004b8"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "7696"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 2597
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2598
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "7696",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 2599
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "7696",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2600
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "7696",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeaa96d6bc"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2601
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2602
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00bccfd0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "1124"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 2603
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000004cc",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00bccfd0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "1124"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 2604
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004cc"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "1124"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 2605
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "1124",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d27000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2606
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2607
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "1124",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 2608
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "1124",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2609
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "1124",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00bccfd0"
              }
            ],
            "repeated": 0,
            "id": 2610
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "1124",
            "caller": "0x7ffeaacb620d",
            "parentcaller": "0x7ffeaa87894f",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "16384"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2611
          },
          {
            "timestamp": "2026-04-16 20:06:47,259",
            "thread_id": "1124",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaa878a03",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e541000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f6000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2612
          },
          {
            "timestamp": "2026-04-16 20:06:47,274",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 3,
            "id": 2613
          },
          {
            "timestamp": "2026-04-16 20:06:47,368",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd6b0000"
              },
              {
                "name": "FunctionName",
                "value": "WSAIoctl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd6b5360"
              }
            ],
            "repeated": 0,
            "id": 2614
          },
          {
            "timestamp": "2026-04-16 20:06:47,399",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 12,
            "id": 2615
          },
          {
            "timestamp": "2026-04-16 20:06:47,774",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d74d",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2616
          },
          {
            "timestamp": "2026-04-16 20:06:47,774",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2617
          },
          {
            "timestamp": "2026-04-16 20:06:47,806",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 2618
          },
          {
            "timestamp": "2026-04-16 20:06:47,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1ae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2619
          },
          {
            "timestamp": "2026-04-16 20:06:47,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b263000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2620
          },
          {
            "timestamp": "2026-04-16 20:06:47,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c4d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2621
          },
          {
            "timestamp": "2026-04-16 20:06:47,806",
            "thread_id": "812",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1180"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 2622
          },
          {
            "timestamp": "2026-04-16 20:06:47,806",
            "thread_id": "812",
            "caller": "0x7ffe4b19013c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd9e0000"
              },
              {
                "name": "FunctionName",
                "value": "WaitMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefda14ed0"
              }
            ],
            "repeated": 0,
            "id": 2623
          },
          {
            "timestamp": "2026-04-16 20:06:47,837",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 14,
            "id": 2624
          },
          {
            "timestamp": "2026-04-16 20:06:48,290",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2625
          },
          {
            "timestamp": "2026-04-16 20:06:48,290",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2626
          },
          {
            "timestamp": "2026-04-16 20:06:48,306",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 7,
            "id": 2627
          },
          {
            "timestamp": "2026-04-16 20:06:48,524",
            "thread_id": "4860",
            "caller": "0x7ffe4b196d1f",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 2628
          },
          {
            "timestamp": "2026-04-16 20:06:48,556",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 8,
            "id": 2629
          },
          {
            "timestamp": "2026-04-16 20:06:48,806",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2630
          },
          {
            "timestamp": "2026-04-16 20:06:48,806",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2631
          },
          {
            "timestamp": "2026-04-16 20:06:48,837",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 2632
          },
          {
            "timestamp": "2026-04-16 20:06:49,321",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2633
          },
          {
            "timestamp": "2026-04-16 20:06:49,321",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2634
          },
          {
            "timestamp": "2026-04-16 20:06:49,337",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 16,
            "id": 2635
          },
          {
            "timestamp": "2026-04-16 20:06:49,837",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2636
          },
          {
            "timestamp": "2026-04-16 20:06:49,837",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2637
          },
          {
            "timestamp": "2026-04-16 20:06:49,852",
            "thread_id": "1124",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c26520"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "1048"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 2638
          },
          {
            "timestamp": "2026-04-16 20:06:49,852",
            "thread_id": "1124",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000004d8",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c26520"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "1048"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 2639
          },
          {
            "timestamp": "2026-04-16 20:06:49,852",
            "thread_id": "1124",
            "caller": "0x7ffefc627bc0",
            "parentcaller": "0x7ffeaaca89a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004d8"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "1048"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 2640
          },
          {
            "timestamp": "2026-04-16 20:06:49,852",
            "thread_id": "1124",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaa89c6fc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd6b0000"
              },
              {
                "name": "FunctionName",
                "value": "WSAGetOverlappedResult"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefd6b2170"
              }
            ],
            "repeated": 0,
            "id": 2641
          },
          {
            "timestamp": "2026-04-16 20:06:49,852",
            "thread_id": "1124",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004cc"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x8a\\x00\\x00\\x00\\x00\\x00<\\x10\\x00\\x00\\x00\\x00\\x00\\x00d\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1124"
              }
            ],
            "repeated": 0,
            "id": 2642
          },
          {
            "timestamp": "2026-04-16 20:06:49,852",
            "thread_id": "1124",
            "caller": "0x7ffefe85ed8a",
            "parentcaller": "0x7ffefe87db07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c4d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2643
          },
          {
            "timestamp": "2026-04-16 20:06:49,852",
            "thread_id": "1048",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 2644
          },
          {
            "timestamp": "2026-04-16 20:06:49,852",
            "thread_id": "1048",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2645
          },
          {
            "timestamp": "2026-04-16 20:06:49,852",
            "thread_id": "1048",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c26520"
              }
            ],
            "repeated": 0,
            "id": 2646
          },
          {
            "timestamp": "2026-04-16 20:06:49,852",
            "thread_id": "1048",
            "caller": "0x7ffeaacb620d",
            "parentcaller": "0x7ffeaa87894f",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "16384"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2647
          },
          {
            "timestamp": "2026-04-16 20:06:49,852",
            "thread_id": "1048",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaa878a03",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e641000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f7000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2648
          },
          {
            "timestamp": "2026-04-16 20:06:49,852",
            "thread_id": "1124",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b258000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2649
          },
          {
            "timestamp": "2026-04-16 20:06:49,868",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 3,
            "id": 2650
          },
          {
            "timestamp": "2026-04-16 20:06:49,977",
            "thread_id": "1124",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2651
          },
          {
            "timestamp": "2026-04-16 20:06:49,977",
            "thread_id": "1124",
            "caller": "0x7ffefe85ed8a",
            "parentcaller": "0x7ffefe87db07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00093000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2652
          },
          {
            "timestamp": "2026-04-16 20:06:49,977",
            "thread_id": "1124",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2653
          },
          {
            "timestamp": "2026-04-16 20:06:49,977",
            "thread_id": "1124",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2654
          },
          {
            "timestamp": "2026-04-16 20:06:49,977",
            "thread_id": "1124",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2655
          },
          {
            "timestamp": "2026-04-16 20:06:49,977",
            "thread_id": "1124",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaacc027b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00df0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2656
          },
          {
            "timestamp": "2026-04-16 20:06:49,977",
            "thread_id": "1124",
            "caller": "0x7ffefc6133f2",
            "parentcaller": "0x7ffeaacd2660",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00da0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2657
          },
          {
            "timestamp": "2026-04-16 20:06:49,977",
            "thread_id": "1124",
            "caller": "0x7ffefc6133f2",
            "parentcaller": "0x7ffeaacd2660",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2658
          },
          {
            "timestamp": "2026-04-16 20:06:49,977",
            "thread_id": "1124",
            "caller": "0x7ffefc6133f2",
            "parentcaller": "0x7ffeaacd2660",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2659
          },
          {
            "timestamp": "2026-04-16 20:06:49,977",
            "thread_id": "1124",
            "caller": "0x7ffefc6133f2",
            "parentcaller": "0x7ffeaacd2660",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2660
          },
          {
            "timestamp": "2026-04-16 20:06:49,977",
            "thread_id": "1124",
            "caller": "0x7ffefc6133f2",
            "parentcaller": "0x7ffeaacd2660",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00df0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2661
          },
          {
            "timestamp": "2026-04-16 20:06:49,993",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 2,
            "id": 2662
          },
          {
            "timestamp": "2026-04-16 20:06:50,056",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae48c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "FormatMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2663
          },
          {
            "timestamp": "2026-04-16 20:06:50,056",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae48c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              },
              {
                "name": "FunctionName",
                "value": "FormatMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefe3fc890"
              }
            ],
            "repeated": 0,
            "id": 2664
          },
          {
            "timestamp": "2026-04-16 20:06:50,056",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae48c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 2665
          },
          {
            "timestamp": "2026-04-16 20:06:50,056",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae48c",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 2666
          },
          {
            "timestamp": "2026-04-16 20:06:50,056",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae48c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2667
          },
          {
            "timestamp": "2026-04-16 20:06:50,056",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae48c",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\KERNELBASE.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2668
          },
          {
            "timestamp": "2026-04-16 20:06:50,056",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae48c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e8"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\KernelBase.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2669
          },
          {
            "timestamp": "2026-04-16 20:06:50,056",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae48c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e740000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e63d4c0"
              },
              {
                "name": "ViewSize",
                "value": "0x0014f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2670
          },
          {
            "timestamp": "2026-04-16 20:06:50,056",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae48c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 2671
          },
          {
            "timestamp": "2026-04-16 20:06:50,056",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae48c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e740000"
              },
              {
                "name": "RegionSize",
                "value": "0x0014f000"
              }
            ],
            "repeated": 0,
            "id": 2672
          },
          {
            "timestamp": "2026-04-16 20:06:50,056",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae48c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 2673
          },
          {
            "timestamp": "2026-04-16 20:06:50,056",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae48c",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\KERNELBASE.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2674
          },
          {
            "timestamp": "2026-04-16 20:06:50,056",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae48c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\KernelBase.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2675
          },
          {
            "timestamp": "2026-04-16 20:06:50,056",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae48c",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e740000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e63d4c0"
              },
              {
                "name": "ViewSize",
                "value": "0x0014c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2676
          },
          {
            "timestamp": "2026-04-16 20:06:50,056",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae48c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 2677
          },
          {
            "timestamp": "2026-04-16 20:06:50,087",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 2678
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1180"
              }
            ],
            "repeated": 0,
            "id": 2679
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\4ecde57e\\31d9ddbb"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\4ecde57e\\31d9ddbb"
              }
            ],
            "repeated": 0,
            "id": 2680
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ClientPlugin.dll"
              }
            ],
            "repeated": 0,
            "id": 2681
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ClientPlugin\\ClientPlugin.dll"
              }
            ],
            "repeated": 0,
            "id": 2682
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ClientPlugin.exe"
              }
            ],
            "repeated": 0,
            "id": 2683
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ClientPlugin\\ClientPlugin.exe"
              }
            ],
            "repeated": 0,
            "id": 2684
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 2685
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xbac\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00@\\x9cjW\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00k\\xec\\x04\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2686
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 2687
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|client.bin.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|client.bin.exe"
              }
            ],
            "repeated": 0,
            "id": 2688
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|client.bin.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|client.bin.exe"
              }
            ],
            "repeated": 0,
            "id": 2689
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|client.bin.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|client.bin.exe"
              }
            ],
            "repeated": 0,
            "id": 2690
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\Global"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\Global"
              }
            ],
            "repeated": 0,
            "id": 2691
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Installer\\Assemblies\\Global"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\Global"
              }
            ],
            "repeated": 0,
            "id": 2692
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\Installer\\Assemblies\\Global"
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global"
              }
            ],
            "repeated": 0,
            "id": 2693
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "policy.1.0.cli_uretypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"9.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\policy.1.0.cli_uretypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"9.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 2694
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "ValueName",
                "value": "cli_cppuhelper,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.23.0\",culture=\"neutral\",processorArchitecture=\"x86\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\cli_cppuhelper,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.23.0\",culture=\"neutral\",processorArchitecture=\"x86\""
              }
            ],
            "repeated": 0,
            "id": 2695
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "ValueName",
                "value": "policy.1.0.cli_basetypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"20.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\policy.1.0.cli_basetypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"20.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 2696
          },
          {
            "timestamp": "2026-04-16 20:06:50,102",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "ValueName",
                "value": "cli_basetypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.20.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\cli_basetypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.20.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 2697
          },
          {
            "timestamp": "2026-04-16 20:06:50,118",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "ValueName",
                "value": "cli_oootypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.9.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\cli_oootypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.9.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 2698
          },
          {
            "timestamp": "2026-04-16 20:06:50,118",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "ValueName",
                "value": "policy.1.0.cli_cppuhelper,publicKeyToken=\"ce2cb7e279207b9e\",version=\"23.0.0.0\",culture=\"neutral\",processorArchitecture=\"x86\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\policy.1.0.cli_cppuhelper,publicKeyToken=\"ce2cb7e279207b9e\",version=\"23.0.0.0\",culture=\"neutral\",processorArchitecture=\"x86\""
              }
            ],
            "repeated": 0,
            "id": 2699
          },
          {
            "timestamp": "2026-04-16 20:06:50,118",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "ValueName",
                "value": "policy.1.0.cli_oootypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"9.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\policy.1.0.cli_oootypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"9.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 2700
          },
          {
            "timestamp": "2026-04-16 20:06:50,118",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "ValueName",
                "value": "cli_uretypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.9.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\cli_uretypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.9.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 2701
          },
          {
            "timestamp": "2026-04-16 20:06:50,118",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "ValueName",
                "value": "policy.1.0.cli_ure,publicKeyToken=\"ce2cb7e279207b9e\",version=\"23.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\policy.1.0.cli_ure,publicKeyToken=\"ce2cb7e279207b9e\",version=\"23.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 2702
          },
          {
            "timestamp": "2026-04-16 20:06:50,118",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "ValueName",
                "value": "cli_ure,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.23.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\cli_ure,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.23.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 2703
          },
          {
            "timestamp": "2026-04-16 20:06:50,118",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\"
              }
            ],
            "repeated": 0,
            "id": 2704
          },
          {
            "timestamp": "2026-04-16 20:06:50,118",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 2705
          },
          {
            "timestamp": "2026-04-16 20:06:50,134",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\culture"
              },
              {
                "name": "DllBase",
                "value": "0x7ffef04d0000"
              }
            ],
            "repeated": 0,
            "id": 2706
          },
          {
            "timestamp": "2026-04-16 20:06:50,134",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x559045b475c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2707
          },
          {
            "timestamp": "2026-04-16 20:06:50,134",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffef04d0000"
              }
            ],
            "repeated": 0,
            "id": 2708
          },
          {
            "timestamp": "2026-04-16 20:06:50,134",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ffef04d0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\culture.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 2709
          },
          {
            "timestamp": "2026-04-16 20:06:50,134",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "culture.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffef04d0000"
              },
              {
                "name": "FunctionName",
                "value": "ConvertLangIdToCultureName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffef04d4094"
              }
            ],
            "repeated": 0,
            "id": 2710
          },
          {
            "timestamp": "2026-04-16 20:06:50,149",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\culture"
              },
              {
                "name": "DllBase",
                "value": "0x7ffef04d0000"
              }
            ],
            "repeated": 0,
            "id": 2711
          },
          {
            "timestamp": "2026-04-16 20:06:50,149",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffef04d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 2712
          },
          {
            "timestamp": "2026-04-16 20:06:50,165",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 2713
          },
          {
            "timestamp": "2026-04-16 20:06:50,165",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x559045b75ec",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 2714
          },
          {
            "timestamp": "2026-04-16 20:06:50,165",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ru-RU\\mscorrc.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2715
          },
          {
            "timestamp": "2026-04-16 20:06:50,196",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x00de0001",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ru\\mscorrc.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2716
          },
          {
            "timestamp": "2026-04-16 20:06:50,259",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x559045b9a1c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2717
          },
          {
            "timestamp": "2026-04-16 20:06:50,259",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045be60c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x053c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2718
          },
          {
            "timestamp": "2026-04-16 20:06:50,259",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bfd2c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x053d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2719
          },
          {
            "timestamp": "2026-04-16 20:06:50,259",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\en-us.nlp"
              }
            ],
            "repeated": 0,
            "id": 2720
          },
          {
            "timestamp": "2026-04-16 20:06:50,274",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.config"
              }
            ],
            "repeated": 0,
            "id": 2721
          },
          {
            "timestamp": "2026-04-16 20:06:50,274",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x053e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2722
          },
          {
            "timestamp": "2026-04-16 20:06:50,337",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bcf5c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000364"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.mscorlib.resources_ru-RU_b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.mscorlib.resources_ru-RU_b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 2723
          },
          {
            "timestamp": "2026-04-16 20:06:50,337",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bf5ec",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\5e8c75c\\de7da15"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\5e8c75c\\de7da15"
              }
            ],
            "repeated": 0,
            "id": 2724
          },
          {
            "timestamp": "2026-04-16 20:06:50,337",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bf38c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_64\\mscorlib.resources\\2.0.0.0_ru-RU_b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 2725
          },
          {
            "timestamp": "2026-04-16 20:06:50,337",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bf38c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru-RU_b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 2726
          },
          {
            "timestamp": "2026-04-16 20:06:50,337",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bf38c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC\\mscorlib.resources\\2.0.0.0_ru-RU_b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 2727
          },
          {
            "timestamp": "2026-04-16 20:06:50,337",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bfe0c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\mscorlib.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 2728
          },
          {
            "timestamp": "2026-04-16 20:06:50,337",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bfe0c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\mscorlib.resources\\mscorlib.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 2729
          },
          {
            "timestamp": "2026-04-16 20:06:50,337",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bfe0c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\mscorlib.resources.exe"
              }
            ],
            "repeated": 0,
            "id": 2730
          },
          {
            "timestamp": "2026-04-16 20:06:50,337",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bfe0c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\mscorlib.resources\\mscorlib.resources.exe"
              }
            ],
            "repeated": 0,
            "id": 2731
          },
          {
            "timestamp": "2026-04-16 20:06:50,352",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\ru.nlp"
              }
            ],
            "repeated": 0,
            "id": 2732
          },
          {
            "timestamp": "2026-04-16 20:06:50,352",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bcfec",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000364"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.mscorlib.resources_ru_b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.mscorlib.resources_ru_b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 2733
          },
          {
            "timestamp": "2026-04-16 20:06:50,352",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bcabc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "NI\\5e8c75c\\2f231edf"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\5e8c75c\\2f231edf"
              }
            ],
            "repeated": 0,
            "id": 2734
          },
          {
            "timestamp": "2026-04-16 20:06:50,352",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bf05c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_64\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 2735
          },
          {
            "timestamp": "2026-04-16 20:06:50,352",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bf05c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 2736
          },
          {
            "timestamp": "2026-04-16 20:06:50,352",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bf05c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 2737
          },
          {
            "timestamp": "2026-04-16 20:06:50,352",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bf51c",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2738
          },
          {
            "timestamp": "2026-04-16 20:06:50,352",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bf52c",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2739
          },
          {
            "timestamp": "2026-04-16 20:06:50,352",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2740
          },
          {
            "timestamp": "2026-04-16 20:06:50,352",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2741
          },
          {
            "timestamp": "2026-04-16 20:06:50,446",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bf52c",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004f8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.Resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 2742
          },
          {
            "timestamp": "2026-04-16 20:06:50,446",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bf5dc",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x4000000e",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e632430"
              },
              {
                "name": "ViewSize",
                "value": "0x00064000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2743
          },
          {
            "timestamp": "2026-04-16 20:06:50,446",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bf5dc",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x4000000e",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e890000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e632430"
              },
              {
                "name": "ViewSize",
                "value": "0x00064000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2744
          },
          {
            "timestamp": "2026-04-16 20:06:50,446",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bf4dc",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2745
          },
          {
            "timestamp": "2026-04-16 20:06:50,462",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bfaec",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2746
          },
          {
            "timestamp": "2026-04-16 20:06:50,462",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.INI"
              }
            ],
            "repeated": 0,
            "id": 2747
          },
          {
            "timestamp": "2026-04-16 20:06:50,462",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bfe0c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b103000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2748
          },
          {
            "timestamp": "2026-04-16 20:06:50,462",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bfd5c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b270000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2749
          },
          {
            "timestamp": "2026-04-16 20:06:50,462",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bfc6c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b270000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2750
          },
          {
            "timestamp": "2026-04-16 20:06:50,462",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bfb2c",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2751
          },
          {
            "timestamp": "2026-04-16 20:06:50,462",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bfb4c",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.Resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2752
          },
          {
            "timestamp": "2026-04-16 20:06:50,477",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bfb4c",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.Resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2753
          },
          {
            "timestamp": "2026-04-16 20:06:50,477",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bfbec",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000002"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00e70000"
              }
            ],
            "repeated": 0,
            "id": 2754
          },
          {
            "timestamp": "2026-04-16 20:06:50,477",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045bfbec",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x00e70000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000009"
              }
            ],
            "repeated": 0,
            "id": 2755
          },
          {
            "timestamp": "2026-04-16 20:06:50,477",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae93a",
            "parentcaller": "0x559045be5bc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 2756
          },
          {
            "timestamp": "2026-04-16 20:06:50,556",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae698",
            "parentcaller": "0x7ffe4b1ae9c3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mscoree.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef230000"
              }
            ],
            "repeated": 0,
            "id": 2757
          },
          {
            "timestamp": "2026-04-16 20:06:50,587",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae698",
            "parentcaller": "0x7ffe4b1ae9c3",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\diasymreader"
              },
              {
                "name": "DllBase",
                "value": "0x7ffed5620000"
              }
            ],
            "repeated": 0,
            "id": 2758
          },
          {
            "timestamp": "2026-04-16 20:06:50,790",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae698",
            "parentcaller": "0x7ffe4b1ae9c3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2759
          },
          {
            "timestamp": "2026-04-16 20:06:50,806",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae698",
            "parentcaller": "0x7ffe4b1ae9c3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\diasymreader.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffed5620000"
              }
            ],
            "repeated": 0,
            "id": 2760
          },
          {
            "timestamp": "2026-04-16 20:06:50,852",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae698",
            "parentcaller": "0x7ffe4b1ae9c3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mscoree.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffeef230000"
              }
            ],
            "repeated": 0,
            "id": 2761
          },
          {
            "timestamp": "2026-04-16 20:06:50,868",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2762
          },
          {
            "timestamp": "2026-04-16 20:06:50,868",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2763
          },
          {
            "timestamp": "2026-04-16 20:06:50,884",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffe4b1af000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2764
          },
          {
            "timestamp": "2026-04-16 20:06:50,884",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2765
          },
          {
            "timestamp": "2026-04-16 20:06:50,884",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2766
          },
          {
            "timestamp": "2026-04-16 20:06:50,884",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2767
          },
          {
            "timestamp": "2026-04-16 20:06:50,884",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e065000"
              },
              {
                "name": "RegionSize",
                "value": "0x0006f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2768
          },
          {
            "timestamp": "2026-04-16 20:06:50,884",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae4a4",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c4d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2769
          },
          {
            "timestamp": "2026-04-16 20:06:50,884",
            "thread_id": "1124",
            "caller": "0x7ffe4b1af13d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c4d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2770
          },
          {
            "timestamp": "2026-04-16 20:06:50,884",
            "thread_id": "1124",
            "caller": "0x7ffe4b1af13d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e065000"
              },
              {
                "name": "RegionSize",
                "value": "0x0006f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2771
          },
          {
            "timestamp": "2026-04-16 20:06:50,899",
            "thread_id": "1124",
            "caller": "0x7ffe4b1af13d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e066000"
              },
              {
                "name": "RegionSize",
                "value": "0x0006e000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2772
          },
          {
            "timestamp": "2026-04-16 20:06:50,899",
            "thread_id": "1124",
            "caller": "0x7ffe4b1af13d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c4d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2773
          },
          {
            "timestamp": "2026-04-16 20:06:50,899",
            "thread_id": "1124",
            "caller": "0x7ffe4b1af13d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c5d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2774
          },
          {
            "timestamp": "2026-04-16 20:06:50,899",
            "thread_id": "1124",
            "caller": "0x7ffe4b1af13d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c34000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2775
          },
          {
            "timestamp": "2026-04-16 20:06:50,899",
            "thread_id": "160",
            "caller": "0x7ffefe85ed8a",
            "parentcaller": "0x7ffefe87db07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c4d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2776
          },
          {
            "timestamp": "2026-04-16 20:06:50,899",
            "thread_id": "160",
            "caller": "0x7ffefe85ed8a",
            "parentcaller": "0x7ffefe87db07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c34000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2777
          },
          {
            "timestamp": "2026-04-16 20:06:50,899",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 2778
          },
          {
            "timestamp": "2026-04-16 20:06:51,384",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2779
          },
          {
            "timestamp": "2026-04-16 20:06:51,384",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2780
          },
          {
            "timestamp": "2026-04-16 20:06:51,899",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2781
          },
          {
            "timestamp": "2026-04-16 20:06:51,899",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2782
          },
          {
            "timestamp": "2026-04-16 20:06:52,415",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2783
          },
          {
            "timestamp": "2026-04-16 20:06:52,415",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2784
          },
          {
            "timestamp": "2026-04-16 20:06:52,931",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2785
          },
          {
            "timestamp": "2026-04-16 20:06:52,931",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2786
          },
          {
            "timestamp": "2026-04-16 20:06:53,446",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2787
          },
          {
            "timestamp": "2026-04-16 20:06:53,446",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2788
          },
          {
            "timestamp": "2026-04-16 20:06:53,962",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2789
          },
          {
            "timestamp": "2026-04-16 20:06:53,962",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2790
          },
          {
            "timestamp": "2026-04-16 20:06:54,477",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2791
          },
          {
            "timestamp": "2026-04-16 20:06:54,477",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2792
          },
          {
            "timestamp": "2026-04-16 20:06:54,915",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x15341000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2793
          },
          {
            "timestamp": "2026-04-16 20:06:54,915",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000508",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1288"
              }
            ],
            "repeated": 0,
            "id": 2794
          },
          {
            "timestamp": "2026-04-16 20:06:54,915",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1288"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2795
          },
          {
            "timestamp": "2026-04-16 20:06:54,915",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1288"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2796
          },
          {
            "timestamp": "2026-04-16 20:06:54,915",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000508"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2797
          },
          {
            "timestamp": "2026-04-16 20:06:54,915",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1288"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 2798
          },
          {
            "timestamp": "2026-04-16 20:06:54,915",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 2,
            "id": 2799
          },
          {
            "timestamp": "2026-04-16 20:06:54,993",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2800
          },
          {
            "timestamp": "2026-04-16 20:06:54,993",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2801
          },
          {
            "timestamp": "2026-04-16 20:06:55,009",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 2802
          },
          {
            "timestamp": "2026-04-16 20:06:55,524",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2803
          },
          {
            "timestamp": "2026-04-16 20:06:55,524",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2804
          },
          {
            "timestamp": "2026-04-16 20:06:55,540",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 16,
            "id": 2805
          },
          {
            "timestamp": "2026-04-16 20:06:56,040",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2806
          },
          {
            "timestamp": "2026-04-16 20:06:56,040",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2807
          },
          {
            "timestamp": "2026-04-16 20:06:56,071",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 14,
            "id": 2808
          },
          {
            "timestamp": "2026-04-16 20:06:56,556",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2809
          },
          {
            "timestamp": "2026-04-16 20:06:56,556",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2810
          },
          {
            "timestamp": "2026-04-16 20:06:56,571",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 11,
            "id": 2811
          },
          {
            "timestamp": "2026-04-16 20:06:56,931",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1288"
              }
            ],
            "repeated": 0,
            "id": 2812
          },
          {
            "timestamp": "2026-04-16 20:06:56,946",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 2813
          },
          {
            "timestamp": "2026-04-16 20:06:57,071",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2814
          },
          {
            "timestamp": "2026-04-16 20:06:57,071",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2815
          },
          {
            "timestamp": "2026-04-16 20:06:57,587",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2816
          },
          {
            "timestamp": "2026-04-16 20:06:57,587",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2817
          },
          {
            "timestamp": "2026-04-16 20:06:58,102",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2818
          },
          {
            "timestamp": "2026-04-16 20:06:58,102",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2819
          },
          {
            "timestamp": "2026-04-16 20:06:58,618",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2820
          },
          {
            "timestamp": "2026-04-16 20:06:58,618",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2821
          },
          {
            "timestamp": "2026-04-16 20:06:59,134",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2822
          },
          {
            "timestamp": "2026-04-16 20:06:59,134",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2823
          },
          {
            "timestamp": "2026-04-16 20:06:59,649",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2824
          },
          {
            "timestamp": "2026-04-16 20:06:59,649",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2825
          },
          {
            "timestamp": "2026-04-16 20:07:00,165",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2826
          },
          {
            "timestamp": "2026-04-16 20:07:00,165",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2827
          },
          {
            "timestamp": "2026-04-16 20:07:00,681",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2828
          },
          {
            "timestamp": "2026-04-16 20:07:00,681",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2829
          },
          {
            "timestamp": "2026-04-16 20:07:00,962",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x15362000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2830
          },
          {
            "timestamp": "2026-04-16 20:07:00,962",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x000004fc",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1276"
              }
            ],
            "repeated": 0,
            "id": 2831
          },
          {
            "timestamp": "2026-04-16 20:07:00,962",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1276"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2832
          },
          {
            "timestamp": "2026-04-16 20:07:00,962",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1276"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2833
          },
          {
            "timestamp": "2026-04-16 20:07:00,962",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004fc"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2834
          },
          {
            "timestamp": "2026-04-16 20:07:00,962",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1276"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 2835
          },
          {
            "timestamp": "2026-04-16 20:07:00,962",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 7,
            "id": 2836
          },
          {
            "timestamp": "2026-04-16 20:07:01,196",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2837
          },
          {
            "timestamp": "2026-04-16 20:07:01,196",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2838
          },
          {
            "timestamp": "2026-04-16 20:07:01,212",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 16,
            "id": 2839
          },
          {
            "timestamp": "2026-04-16 20:07:01,712",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2840
          },
          {
            "timestamp": "2026-04-16 20:07:01,712",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2841
          },
          {
            "timestamp": "2026-04-16 20:07:01,743",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 2842
          },
          {
            "timestamp": "2026-04-16 20:07:02,227",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2843
          },
          {
            "timestamp": "2026-04-16 20:07:02,227",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2844
          },
          {
            "timestamp": "2026-04-16 20:07:02,243",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 16,
            "id": 2845
          },
          {
            "timestamp": "2026-04-16 20:07:02,743",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2846
          },
          {
            "timestamp": "2026-04-16 20:07:02,743",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2847
          },
          {
            "timestamp": "2026-04-16 20:07:02,774",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 7,
            "id": 2848
          },
          {
            "timestamp": "2026-04-16 20:07:03,009",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1276"
              }
            ],
            "repeated": 0,
            "id": 2849
          },
          {
            "timestamp": "2026-04-16 20:07:03,024",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 2850
          },
          {
            "timestamp": "2026-04-16 20:07:03,259",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2851
          },
          {
            "timestamp": "2026-04-16 20:07:03,259",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2852
          },
          {
            "timestamp": "2026-04-16 20:07:03,774",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2853
          },
          {
            "timestamp": "2026-04-16 20:07:03,774",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2854
          },
          {
            "timestamp": "2026-04-16 20:07:04,274",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2855
          },
          {
            "timestamp": "2026-04-16 20:07:04,274",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2856
          },
          {
            "timestamp": "2026-04-16 20:07:04,790",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2857
          },
          {
            "timestamp": "2026-04-16 20:07:04,790",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2858
          },
          {
            "timestamp": "2026-04-16 20:07:04,868",
            "thread_id": "1048",
            "caller": "0x7ffeaaa04a01",
            "parentcaller": "0x7ffeaaa049bd",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "16"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1048"
              }
            ],
            "repeated": 0,
            "id": 2859
          },
          {
            "timestamp": "2026-04-16 20:07:04,868",
            "thread_id": "1048",
            "caller": "0x7ffefc5b53dc",
            "parentcaller": "0x7ffeaacedd37",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefd110000"
              },
              {
                "name": "FunctionName",
                "value": "CoUninitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ffefccdde50"
              }
            ],
            "repeated": 0,
            "id": 2860
          },
          {
            "timestamp": "2026-04-16 20:07:04,868",
            "thread_id": "1048",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefccdea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe4a0000"
              }
            ],
            "repeated": 0,
            "id": 2861
          },
          {
            "timestamp": "2026-04-16 20:07:04,868",
            "thread_id": "1048",
            "caller": "0x7ffefe897870",
            "parentcaller": "0x7ffefe8820f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefcfe1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2862
          },
          {
            "timestamp": "2026-04-16 20:07:04,868",
            "thread_id": "1048",
            "caller": "0x7ffefe8978c1",
            "parentcaller": "0x7ffefe8820f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ffefcfe1000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2863
          },
          {
            "timestamp": "2026-04-16 20:07:04,868",
            "thread_id": "1048",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffeaabf128e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 2864
          },
          {
            "timestamp": "2026-04-16 20:07:04,868",
            "thread_id": "1048",
            "caller": "0x7ffefe8a466e",
            "parentcaller": "0x7ffefe3f703d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1048"
              }
            ],
            "repeated": 0,
            "id": 2865
          },
          {
            "timestamp": "2026-04-16 20:07:04,868",
            "thread_id": "1048",
            "caller": "0x7ffefe8a468e",
            "parentcaller": "0x7ffefe3f703d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2866
          },
          {
            "timestamp": "2026-04-16 20:07:05,306",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2867
          },
          {
            "timestamp": "2026-04-16 20:07:05,306",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2868
          },
          {
            "timestamp": "2026-04-16 20:07:05,821",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2869
          },
          {
            "timestamp": "2026-04-16 20:07:05,821",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2870
          },
          {
            "timestamp": "2026-04-16 20:07:06,337",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2871
          },
          {
            "timestamp": "2026-04-16 20:07:06,337",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2872
          },
          {
            "timestamp": "2026-04-16 20:07:06,852",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2873
          },
          {
            "timestamp": "2026-04-16 20:07:06,852",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2874
          },
          {
            "timestamp": "2026-04-16 20:07:07,040",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x15382000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2875
          },
          {
            "timestamp": "2026-04-16 20:07:07,040",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000508",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1288"
              }
            ],
            "repeated": 0,
            "id": 2876
          },
          {
            "timestamp": "2026-04-16 20:07:07,040",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1288"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2877
          },
          {
            "timestamp": "2026-04-16 20:07:07,040",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1288"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2878
          },
          {
            "timestamp": "2026-04-16 20:07:07,040",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000508"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2879
          },
          {
            "timestamp": "2026-04-16 20:07:07,040",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1288"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 2880
          },
          {
            "timestamp": "2026-04-16 20:07:07,040",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 9,
            "id": 2881
          },
          {
            "timestamp": "2026-04-16 20:07:07,368",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2882
          },
          {
            "timestamp": "2026-04-16 20:07:07,368",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2883
          },
          {
            "timestamp": "2026-04-16 20:07:07,384",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 16,
            "id": 2884
          },
          {
            "timestamp": "2026-04-16 20:07:07,884",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2885
          },
          {
            "timestamp": "2026-04-16 20:07:07,884",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2886
          },
          {
            "timestamp": "2026-04-16 20:07:07,915",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 2887
          },
          {
            "timestamp": "2026-04-16 20:07:08,399",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2888
          },
          {
            "timestamp": "2026-04-16 20:07:08,399",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2889
          },
          {
            "timestamp": "2026-04-16 20:07:08,415",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 4,
            "id": 2890
          },
          {
            "timestamp": "2026-04-16 20:07:08,540",
            "thread_id": "4860",
            "caller": "0x7ffe4b196d1f",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 2891
          },
          {
            "timestamp": "2026-04-16 20:07:08,571",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 11,
            "id": 2892
          },
          {
            "timestamp": "2026-04-16 20:07:08,915",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2893
          },
          {
            "timestamp": "2026-04-16 20:07:08,915",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2894
          },
          {
            "timestamp": "2026-04-16 20:07:08,946",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 3,
            "id": 2895
          },
          {
            "timestamp": "2026-04-16 20:07:09,056",
            "thread_id": "1124",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c26400"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "7372"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 2896
          },
          {
            "timestamp": "2026-04-16 20:07:09,056",
            "thread_id": "1124",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x0000050c",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c26400"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "7372"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 2897
          },
          {
            "timestamp": "2026-04-16 20:07:09,056",
            "thread_id": "1124",
            "caller": "0x7ffefc627bc0",
            "parentcaller": "0x7ffeaaca89a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000050c"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "7372"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 2898
          },
          {
            "timestamp": "2026-04-16 20:07:09,056",
            "thread_id": "1124",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1288"
              }
            ],
            "repeated": 0,
            "id": 2899
          },
          {
            "timestamp": "2026-04-16 20:07:09,056",
            "thread_id": "7372",
            "caller": "0x7ffefe85ed8a",
            "parentcaller": "0x7ffefe87db07",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c5d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2900
          },
          {
            "timestamp": "2026-04-16 20:07:09,056",
            "thread_id": "7372",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 2901
          },
          {
            "timestamp": "2026-04-16 20:07:09,056",
            "thread_id": "7372",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2902
          },
          {
            "timestamp": "2026-04-16 20:07:09,056",
            "thread_id": "7372",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c26400"
              }
            ],
            "repeated": 0,
            "id": 2903
          },
          {
            "timestamp": "2026-04-16 20:07:09,056",
            "thread_id": "7372",
            "caller": "0x7ffeaacb620d",
            "parentcaller": "0x7ffeaa87894f",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "16384"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2904
          },
          {
            "timestamp": "2026-04-16 20:07:09,056",
            "thread_id": "7372",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaa878a03",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e641000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f7000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2905
          },
          {
            "timestamp": "2026-04-16 20:07:09,071",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 2906
          },
          {
            "timestamp": "2026-04-16 20:07:09,431",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2907
          },
          {
            "timestamp": "2026-04-16 20:07:09,431",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2908
          },
          {
            "timestamp": "2026-04-16 20:07:09,946",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2909
          },
          {
            "timestamp": "2026-04-16 20:07:09,946",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2910
          },
          {
            "timestamp": "2026-04-16 20:07:10,462",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2911
          },
          {
            "timestamp": "2026-04-16 20:07:10,462",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2912
          },
          {
            "timestamp": "2026-04-16 20:07:10,977",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2913
          },
          {
            "timestamp": "2026-04-16 20:07:10,977",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2914
          },
          {
            "timestamp": "2026-04-16 20:07:11,493",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2915
          },
          {
            "timestamp": "2026-04-16 20:07:11,493",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2916
          },
          {
            "timestamp": "2026-04-16 20:07:12,009",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2917
          },
          {
            "timestamp": "2026-04-16 20:07:12,009",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2918
          },
          {
            "timestamp": "2026-04-16 20:07:12,524",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2919
          },
          {
            "timestamp": "2026-04-16 20:07:12,524",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2920
          },
          {
            "timestamp": "2026-04-16 20:07:13,040",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2921
          },
          {
            "timestamp": "2026-04-16 20:07:13,040",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2922
          },
          {
            "timestamp": "2026-04-16 20:07:13,087",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x153a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2923
          },
          {
            "timestamp": "2026-04-16 20:07:13,087",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000508",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1288"
              }
            ],
            "repeated": 0,
            "id": 2924
          },
          {
            "timestamp": "2026-04-16 20:07:13,087",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1288"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2925
          },
          {
            "timestamp": "2026-04-16 20:07:13,087",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1288"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2926
          },
          {
            "timestamp": "2026-04-16 20:07:13,087",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000508"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2927
          },
          {
            "timestamp": "2026-04-16 20:07:13,087",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1288"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 2928
          },
          {
            "timestamp": "2026-04-16 20:07:13,087",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 2929
          },
          {
            "timestamp": "2026-04-16 20:07:13,556",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2930
          },
          {
            "timestamp": "2026-04-16 20:07:13,556",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2931
          },
          {
            "timestamp": "2026-04-16 20:07:13,587",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 2932
          },
          {
            "timestamp": "2026-04-16 20:07:14,071",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2933
          },
          {
            "timestamp": "2026-04-16 20:07:14,071",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2934
          },
          {
            "timestamp": "2026-04-16 20:07:14,087",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 2935
          },
          {
            "timestamp": "2026-04-16 20:07:14,587",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2936
          },
          {
            "timestamp": "2026-04-16 20:07:14,587",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 2937
          },
          {
            "timestamp": "2026-04-16 20:07:14,587",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2938
          },
          {
            "timestamp": "2026-04-16 20:07:14,618",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 2,
            "id": 2939
          },
          {
            "timestamp": "2026-04-16 20:07:14,696",
            "thread_id": "7340",
            "caller": "0x7ffefe85e715",
            "parentcaller": "0x7ffefe85e37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00c88000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2940
          },
          {
            "timestamp": "2026-04-16 20:07:14,696",
            "thread_id": "7340",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 2941
          },
          {
            "timestamp": "2026-04-16 20:07:14,696",
            "thread_id": "7340",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2942
          },
          {
            "timestamp": "2026-04-16 20:07:14,696",
            "thread_id": "7340",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffefe8a2b20"
              },
              {
                "name": "Parameter",
                "value": "0x00c1a6e0"
              }
            ],
            "repeated": 0,
            "id": 2943
          },
          {
            "timestamp": "2026-04-16 20:07:14,712",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 1,
            "id": 2944
          },
          {
            "timestamp": "2026-04-16 20:07:14,759",
            "thread_id": "7340",
            "caller": "0x7ffefc60028c",
            "parentcaller": "0x7ffefe5c4b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000518"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2945
          },
          {
            "timestamp": "2026-04-16 20:07:14,759",
            "thread_id": "7340",
            "caller": "0x7ffefe5bfbd2",
            "parentcaller": "0x7ffefe5bfb34",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 2946
          },
          {
            "timestamp": "2026-04-16 20:07:14,759",
            "thread_id": "4392",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 2947
          },
          {
            "timestamp": "2026-04-16 20:07:14,759",
            "thread_id": "4392",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2948
          },
          {
            "timestamp": "2026-04-16 20:07:14,759",
            "thread_id": "4392",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffefe8a2b20"
              },
              {
                "name": "Parameter",
                "value": "0x00c1a6e0"
              }
            ],
            "repeated": 0,
            "id": 2949
          },
          {
            "timestamp": "2026-04-16 20:07:14,774",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 10,
            "id": 2950
          },
          {
            "timestamp": "2026-04-16 20:07:15,102",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2951
          },
          {
            "timestamp": "2026-04-16 20:07:15,102",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2952
          },
          {
            "timestamp": "2026-04-16 20:07:15,102",
            "thread_id": "7372",
            "caller": "0x7ffefc618e6e",
            "parentcaller": "0x7ffeaaca8b2f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x8a\\x00\\x00\\x00\\x00\\x00<\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\xcc\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7372"
              }
            ],
            "repeated": 0,
            "id": 2953
          },
          {
            "timestamp": "2026-04-16 20:07:15,102",
            "thread_id": "7372",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1288"
              }
            ],
            "repeated": 0,
            "id": 2954
          },
          {
            "timestamp": "2026-04-16 20:07:15,118",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 2955
          },
          {
            "timestamp": "2026-04-16 20:07:15,618",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2956
          },
          {
            "timestamp": "2026-04-16 20:07:15,618",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2957
          },
          {
            "timestamp": "2026-04-16 20:07:16,134",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2958
          },
          {
            "timestamp": "2026-04-16 20:07:16,134",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2959
          },
          {
            "timestamp": "2026-04-16 20:07:16,634",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2960
          },
          {
            "timestamp": "2026-04-16 20:07:16,634",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2961
          },
          {
            "timestamp": "2026-04-16 20:07:17,149",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2962
          },
          {
            "timestamp": "2026-04-16 20:07:17,149",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2963
          },
          {
            "timestamp": "2026-04-16 20:07:17,665",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2964
          },
          {
            "timestamp": "2026-04-16 20:07:17,665",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2965
          },
          {
            "timestamp": "2026-04-16 20:07:18,165",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2966
          },
          {
            "timestamp": "2026-04-16 20:07:18,165",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2967
          },
          {
            "timestamp": "2026-04-16 20:07:18,681",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2968
          },
          {
            "timestamp": "2026-04-16 20:07:18,681",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2969
          },
          {
            "timestamp": "2026-04-16 20:07:19,118",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x153c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2970
          },
          {
            "timestamp": "2026-04-16 20:07:19,118",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000508",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1288"
              }
            ],
            "repeated": 0,
            "id": 2971
          },
          {
            "timestamp": "2026-04-16 20:07:19,118",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1288"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2972
          },
          {
            "timestamp": "2026-04-16 20:07:19,118",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1288"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2973
          },
          {
            "timestamp": "2026-04-16 20:07:19,118",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000508"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2974
          },
          {
            "timestamp": "2026-04-16 20:07:19,118",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1288"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 2975
          },
          {
            "timestamp": "2026-04-16 20:07:19,118",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 2,
            "id": 2976
          },
          {
            "timestamp": "2026-04-16 20:07:19,196",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2977
          },
          {
            "timestamp": "2026-04-16 20:07:19,196",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2978
          },
          {
            "timestamp": "2026-04-16 20:07:19,212",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 2979
          },
          {
            "timestamp": "2026-04-16 20:07:19,712",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2980
          },
          {
            "timestamp": "2026-04-16 20:07:19,712",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2981
          },
          {
            "timestamp": "2026-04-16 20:07:19,727",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 16,
            "id": 2982
          },
          {
            "timestamp": "2026-04-16 20:07:20,227",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2983
          },
          {
            "timestamp": "2026-04-16 20:07:20,227",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2984
          },
          {
            "timestamp": "2026-04-16 20:07:20,259",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 2985
          },
          {
            "timestamp": "2026-04-16 20:07:20,743",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2986
          },
          {
            "timestamp": "2026-04-16 20:07:20,743",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2987
          },
          {
            "timestamp": "2026-04-16 20:07:20,759",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 13,
            "id": 2988
          },
          {
            "timestamp": "2026-04-16 20:07:21,165",
            "thread_id": "7372",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1288"
              }
            ],
            "repeated": 0,
            "id": 2989
          },
          {
            "timestamp": "2026-04-16 20:07:21,196",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 2990
          },
          {
            "timestamp": "2026-04-16 20:07:21,259",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2991
          },
          {
            "timestamp": "2026-04-16 20:07:21,259",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2992
          },
          {
            "timestamp": "2026-04-16 20:07:21,774",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2993
          },
          {
            "timestamp": "2026-04-16 20:07:21,774",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2994
          },
          {
            "timestamp": "2026-04-16 20:07:22,290",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2995
          },
          {
            "timestamp": "2026-04-16 20:07:22,290",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2996
          },
          {
            "timestamp": "2026-04-16 20:07:22,806",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2997
          },
          {
            "timestamp": "2026-04-16 20:07:22,806",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2998
          },
          {
            "timestamp": "2026-04-16 20:07:23,321",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2999
          },
          {
            "timestamp": "2026-04-16 20:07:23,321",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3000
          },
          {
            "timestamp": "2026-04-16 20:07:23,852",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3001
          },
          {
            "timestamp": "2026-04-16 20:07:23,852",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3002
          },
          {
            "timestamp": "2026-04-16 20:07:24,056",
            "thread_id": "1124",
            "caller": "0x7ffeaaa04a01",
            "parentcaller": "0x7ffeaaa049bd",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "16"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1124"
              }
            ],
            "repeated": 0,
            "id": 3003
          },
          {
            "timestamp": "2026-04-16 20:07:24,056",
            "thread_id": "1124",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefccdea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe4a0000"
              }
            ],
            "repeated": 0,
            "id": 3004
          },
          {
            "timestamp": "2026-04-16 20:07:24,056",
            "thread_id": "1124",
            "caller": "0x7ffefe8a466e",
            "parentcaller": "0x7ffefe3f703d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1124"
              }
            ],
            "repeated": 0,
            "id": 3005
          },
          {
            "timestamp": "2026-04-16 20:07:24,056",
            "thread_id": "1124",
            "caller": "0x7ffefb66e309",
            "parentcaller": "0x7ffefb671c15",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 3006
          },
          {
            "timestamp": "2026-04-16 20:07:24,056",
            "thread_id": "1124",
            "caller": "0x7ffefe8a468e",
            "parentcaller": "0x7ffefe3f703d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3007
          },
          {
            "timestamp": "2026-04-16 20:07:24,368",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3008
          },
          {
            "timestamp": "2026-04-16 20:07:24,368",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3009
          },
          {
            "timestamp": "2026-04-16 20:07:24,884",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3010
          },
          {
            "timestamp": "2026-04-16 20:07:24,884",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3011
          },
          {
            "timestamp": "2026-04-16 20:07:25,212",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x153e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3012
          },
          {
            "timestamp": "2026-04-16 20:07:25,212",
            "thread_id": "160",
            "caller": "0x7ffe4b19961c",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x053f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3013
          },
          {
            "timestamp": "2026-04-16 20:07:25,212",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x000004e0",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1248"
              }
            ],
            "repeated": 0,
            "id": 3014
          },
          {
            "timestamp": "2026-04-16 20:07:25,212",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1248"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3015
          },
          {
            "timestamp": "2026-04-16 20:07:25,212",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1248"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3016
          },
          {
            "timestamp": "2026-04-16 20:07:25,212",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3017
          },
          {
            "timestamp": "2026-04-16 20:07:25,212",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1248"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 3018
          },
          {
            "timestamp": "2026-04-16 20:07:25,212",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 6,
            "id": 3019
          },
          {
            "timestamp": "2026-04-16 20:07:25,399",
            "thread_id": "7696",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3020
          },
          {
            "timestamp": "2026-04-16 20:07:25,399",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3021
          },
          {
            "timestamp": "2026-04-16 20:07:25,431",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3022
          },
          {
            "timestamp": "2026-04-16 20:07:25,915",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3023
          },
          {
            "timestamp": "2026-04-16 20:07:25,915",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3024
          },
          {
            "timestamp": "2026-04-16 20:07:25,931",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3025
          },
          {
            "timestamp": "2026-04-16 20:07:26,415",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3026
          },
          {
            "timestamp": "2026-04-16 20:07:26,415",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3027
          },
          {
            "timestamp": "2026-04-16 20:07:26,431",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 16,
            "id": 3028
          },
          {
            "timestamp": "2026-04-16 20:07:26,931",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3029
          },
          {
            "timestamp": "2026-04-16 20:07:26,931",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3030
          },
          {
            "timestamp": "2026-04-16 20:07:26,962",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 9,
            "id": 3031
          },
          {
            "timestamp": "2026-04-16 20:07:27,243",
            "thread_id": "7372",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000528"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42910"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "1656"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 3032
          },
          {
            "timestamp": "2026-04-16 20:07:27,243",
            "thread_id": "7372",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000528",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42910"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "1656"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 3033
          },
          {
            "timestamp": "2026-04-16 20:07:27,243",
            "thread_id": "7372",
            "caller": "0x7ffefc627bc0",
            "parentcaller": "0x7ffeaaca89a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000528"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "1656"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 3034
          },
          {
            "timestamp": "2026-04-16 20:07:27,243",
            "thread_id": "7372",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1248"
              }
            ],
            "repeated": 0,
            "id": 3035
          },
          {
            "timestamp": "2026-04-16 20:07:27,243",
            "thread_id": "1656",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 3036
          },
          {
            "timestamp": "2026-04-16 20:07:27,243",
            "thread_id": "1656",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3037
          },
          {
            "timestamp": "2026-04-16 20:07:27,243",
            "thread_id": "1656",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42910"
              }
            ],
            "repeated": 0,
            "id": 3038
          },
          {
            "timestamp": "2026-04-16 20:07:27,243",
            "thread_id": "1656",
            "caller": "0x7ffeaacb620d",
            "parentcaller": "0x7ffeaa87894f",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "16384"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3039
          },
          {
            "timestamp": "2026-04-16 20:07:27,243",
            "thread_id": "1656",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaa878a03",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e541000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f7000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3040
          },
          {
            "timestamp": "2026-04-16 20:07:27,274",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3041
          },
          {
            "timestamp": "2026-04-16 20:07:27,446",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3042
          },
          {
            "timestamp": "2026-04-16 20:07:27,446",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3043
          },
          {
            "timestamp": "2026-04-16 20:07:27,962",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3044
          },
          {
            "timestamp": "2026-04-16 20:07:27,962",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3045
          },
          {
            "timestamp": "2026-04-16 20:07:28,477",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3046
          },
          {
            "timestamp": "2026-04-16 20:07:28,477",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3047
          },
          {
            "timestamp": "2026-04-16 20:07:28,556",
            "thread_id": "4860",
            "caller": "0x7ffe4b196d1f",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 3048
          },
          {
            "timestamp": "2026-04-16 20:07:28,993",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3049
          },
          {
            "timestamp": "2026-04-16 20:07:28,993",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3050
          },
          {
            "timestamp": "2026-04-16 20:07:29,509",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3051
          },
          {
            "timestamp": "2026-04-16 20:07:29,509",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3052
          },
          {
            "timestamp": "2026-04-16 20:07:30,009",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3053
          },
          {
            "timestamp": "2026-04-16 20:07:30,009",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3054
          },
          {
            "timestamp": "2026-04-16 20:07:30,524",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3055
          },
          {
            "timestamp": "2026-04-16 20:07:30,524",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3056
          },
          {
            "timestamp": "2026-04-16 20:07:31,040",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3057
          },
          {
            "timestamp": "2026-04-16 20:07:31,040",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3058
          },
          {
            "timestamp": "2026-04-16 20:07:31,290",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x15402000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3059
          },
          {
            "timestamp": "2026-04-16 20:07:31,290",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000530",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1328"
              }
            ],
            "repeated": 0,
            "id": 3060
          },
          {
            "timestamp": "2026-04-16 20:07:31,290",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1328"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3061
          },
          {
            "timestamp": "2026-04-16 20:07:31,290",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1328"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3062
          },
          {
            "timestamp": "2026-04-16 20:07:31,290",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000530"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3063
          },
          {
            "timestamp": "2026-04-16 20:07:31,290",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1328"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 3064
          },
          {
            "timestamp": "2026-04-16 20:07:31,290",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 8,
            "id": 3065
          },
          {
            "timestamp": "2026-04-16 20:07:31,556",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3066
          },
          {
            "timestamp": "2026-04-16 20:07:31,556",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3067
          },
          {
            "timestamp": "2026-04-16 20:07:31,571",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3068
          },
          {
            "timestamp": "2026-04-16 20:07:32,071",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3069
          },
          {
            "timestamp": "2026-04-16 20:07:32,071",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 3070
          },
          {
            "timestamp": "2026-04-16 20:07:32,071",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3071
          },
          {
            "timestamp": "2026-04-16 20:07:32,102",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3072
          },
          {
            "timestamp": "2026-04-16 20:07:32,587",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3073
          },
          {
            "timestamp": "2026-04-16 20:07:32,587",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3074
          },
          {
            "timestamp": "2026-04-16 20:07:32,602",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3075
          },
          {
            "timestamp": "2026-04-16 20:07:33,102",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3076
          },
          {
            "timestamp": "2026-04-16 20:07:33,102",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3077
          },
          {
            "timestamp": "2026-04-16 20:07:33,134",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 5,
            "id": 3078
          },
          {
            "timestamp": "2026-04-16 20:07:33,321",
            "thread_id": "1656",
            "caller": "0x7ffefc618e6e",
            "parentcaller": "0x7ffeaaca8b2f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000528"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x8b\\x00\\x00\\x00\\x00\\x00<\\x10\\x00\\x00\\x00\\x00\\x00\\x00x\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1656"
              }
            ],
            "repeated": 0,
            "id": 3079
          },
          {
            "timestamp": "2026-04-16 20:07:33,321",
            "thread_id": "1656",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1328"
              }
            ],
            "repeated": 0,
            "id": 3080
          },
          {
            "timestamp": "2026-04-16 20:07:33,321",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3081
          },
          {
            "timestamp": "2026-04-16 20:07:33,618",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3082
          },
          {
            "timestamp": "2026-04-16 20:07:33,618",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3083
          },
          {
            "timestamp": "2026-04-16 20:07:34,134",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3084
          },
          {
            "timestamp": "2026-04-16 20:07:34,134",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3085
          },
          {
            "timestamp": "2026-04-16 20:07:34,649",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3086
          },
          {
            "timestamp": "2026-04-16 20:07:34,649",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3087
          },
          {
            "timestamp": "2026-04-16 20:07:35,165",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3088
          },
          {
            "timestamp": "2026-04-16 20:07:35,165",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3089
          },
          {
            "timestamp": "2026-04-16 20:07:35,681",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3090
          },
          {
            "timestamp": "2026-04-16 20:07:35,681",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3091
          },
          {
            "timestamp": "2026-04-16 20:07:36,196",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3092
          },
          {
            "timestamp": "2026-04-16 20:07:36,196",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3093
          },
          {
            "timestamp": "2026-04-16 20:07:36,712",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3094
          },
          {
            "timestamp": "2026-04-16 20:07:36,712",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3095
          },
          {
            "timestamp": "2026-04-16 20:07:37,227",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3096
          },
          {
            "timestamp": "2026-04-16 20:07:37,227",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3097
          },
          {
            "timestamp": "2026-04-16 20:07:37,337",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x15422000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3098
          },
          {
            "timestamp": "2026-04-16 20:07:37,337",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000530",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1328"
              }
            ],
            "repeated": 0,
            "id": 3099
          },
          {
            "timestamp": "2026-04-16 20:07:37,337",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1328"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3100
          },
          {
            "timestamp": "2026-04-16 20:07:37,337",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1328"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3101
          },
          {
            "timestamp": "2026-04-16 20:07:37,337",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000530"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3102
          },
          {
            "timestamp": "2026-04-16 20:07:37,337",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1328"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 3103
          },
          {
            "timestamp": "2026-04-16 20:07:37,337",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 13,
            "id": 3104
          },
          {
            "timestamp": "2026-04-16 20:07:37,743",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3105
          },
          {
            "timestamp": "2026-04-16 20:07:37,743",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3106
          },
          {
            "timestamp": "2026-04-16 20:07:37,774",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3107
          },
          {
            "timestamp": "2026-04-16 20:07:38,259",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3108
          },
          {
            "timestamp": "2026-04-16 20:07:38,259",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3109
          },
          {
            "timestamp": "2026-04-16 20:07:38,274",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3110
          },
          {
            "timestamp": "2026-04-16 20:07:38,774",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3111
          },
          {
            "timestamp": "2026-04-16 20:07:38,774",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3112
          },
          {
            "timestamp": "2026-04-16 20:07:38,837",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 14,
            "id": 3113
          },
          {
            "timestamp": "2026-04-16 20:07:39,290",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3114
          },
          {
            "timestamp": "2026-04-16 20:07:39,290",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3115
          },
          {
            "timestamp": "2026-04-16 20:07:39,306",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 1,
            "id": 3116
          },
          {
            "timestamp": "2026-04-16 20:07:39,368",
            "thread_id": "1656",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1328"
              }
            ],
            "repeated": 0,
            "id": 3117
          },
          {
            "timestamp": "2026-04-16 20:07:39,368",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3118
          },
          {
            "timestamp": "2026-04-16 20:07:39,806",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3119
          },
          {
            "timestamp": "2026-04-16 20:07:39,806",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3120
          },
          {
            "timestamp": "2026-04-16 20:07:40,321",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3121
          },
          {
            "timestamp": "2026-04-16 20:07:40,321",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3122
          },
          {
            "timestamp": "2026-04-16 20:07:40,837",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3123
          },
          {
            "timestamp": "2026-04-16 20:07:40,837",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3124
          },
          {
            "timestamp": "2026-04-16 20:07:41,352",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3125
          },
          {
            "timestamp": "2026-04-16 20:07:41,352",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3126
          },
          {
            "timestamp": "2026-04-16 20:07:41,868",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3127
          },
          {
            "timestamp": "2026-04-16 20:07:41,868",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3128
          },
          {
            "timestamp": "2026-04-16 20:07:42,259",
            "thread_id": "7372",
            "caller": "0x7ffeaaa04a01",
            "parentcaller": "0x7ffeaaa049bd",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "16"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7372"
              }
            ],
            "repeated": 0,
            "id": 3129
          },
          {
            "timestamp": "2026-04-16 20:07:42,259",
            "thread_id": "7372",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefccdea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe4a0000"
              }
            ],
            "repeated": 0,
            "id": 3130
          },
          {
            "timestamp": "2026-04-16 20:07:42,259",
            "thread_id": "7372",
            "caller": "0x7ffefe8a466e",
            "parentcaller": "0x7ffefe3f703d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7372"
              }
            ],
            "repeated": 0,
            "id": 3131
          },
          {
            "timestamp": "2026-04-16 20:07:42,259",
            "thread_id": "7372",
            "caller": "0x7ffefb66e309",
            "parentcaller": "0x7ffefb671c15",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 3132
          },
          {
            "timestamp": "2026-04-16 20:07:42,259",
            "thread_id": "7372",
            "caller": "0x7ffefe8a468e",
            "parentcaller": "0x7ffefe3f703d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3133
          },
          {
            "timestamp": "2026-04-16 20:07:42,384",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3134
          },
          {
            "timestamp": "2026-04-16 20:07:42,384",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3135
          },
          {
            "timestamp": "2026-04-16 20:07:42,899",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3136
          },
          {
            "timestamp": "2026-04-16 20:07:42,899",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3137
          },
          {
            "timestamp": "2026-04-16 20:07:43,384",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x15442000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3138
          },
          {
            "timestamp": "2026-04-16 20:07:43,384",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000538",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1336"
              }
            ],
            "repeated": 0,
            "id": 3139
          },
          {
            "timestamp": "2026-04-16 20:07:43,384",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1336"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3140
          },
          {
            "timestamp": "2026-04-16 20:07:43,384",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1336"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3141
          },
          {
            "timestamp": "2026-04-16 20:07:43,384",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000538"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3142
          },
          {
            "timestamp": "2026-04-16 20:07:43,384",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1336"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 3143
          },
          {
            "timestamp": "2026-04-16 20:07:43,384",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 1,
            "id": 3144
          },
          {
            "timestamp": "2026-04-16 20:07:43,415",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3145
          },
          {
            "timestamp": "2026-04-16 20:07:43,415",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3146
          },
          {
            "timestamp": "2026-04-16 20:07:43,446",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3147
          },
          {
            "timestamp": "2026-04-16 20:07:43,931",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3148
          },
          {
            "timestamp": "2026-04-16 20:07:43,931",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3149
          },
          {
            "timestamp": "2026-04-16 20:07:43,946",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3150
          },
          {
            "timestamp": "2026-04-16 20:07:44,446",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3151
          },
          {
            "timestamp": "2026-04-16 20:07:44,446",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3152
          },
          {
            "timestamp": "2026-04-16 20:07:44,446",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 16,
            "id": 3153
          },
          {
            "timestamp": "2026-04-16 20:07:44,946",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3154
          },
          {
            "timestamp": "2026-04-16 20:07:44,946",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3155
          },
          {
            "timestamp": "2026-04-16 20:07:44,977",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 13,
            "id": 3156
          },
          {
            "timestamp": "2026-04-16 20:07:45,431",
            "thread_id": "1656",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000540"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42a90"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4316"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 3157
          },
          {
            "timestamp": "2026-04-16 20:07:45,431",
            "thread_id": "1656",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000540",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42a90"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "4316"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 3158
          },
          {
            "timestamp": "2026-04-16 20:07:45,431",
            "thread_id": "1656",
            "caller": "0x7ffefc627bc0",
            "parentcaller": "0x7ffeaaca89a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000540"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "4316"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 3159
          },
          {
            "timestamp": "2026-04-16 20:07:45,431",
            "thread_id": "1656",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1336"
              }
            ],
            "repeated": 0,
            "id": 3160
          },
          {
            "timestamp": "2026-04-16 20:07:45,431",
            "thread_id": "4316",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 3161
          },
          {
            "timestamp": "2026-04-16 20:07:45,431",
            "thread_id": "4316",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3162
          },
          {
            "timestamp": "2026-04-16 20:07:45,431",
            "thread_id": "4316",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42a90"
              }
            ],
            "repeated": 0,
            "id": 3163
          },
          {
            "timestamp": "2026-04-16 20:07:45,431",
            "thread_id": "4316",
            "caller": "0x7ffeaacb620d",
            "parentcaller": "0x7ffeaa87894f",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "16384"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3164
          },
          {
            "timestamp": "2026-04-16 20:07:45,431",
            "thread_id": "4316",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaa878a03",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e641000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f6000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3165
          },
          {
            "timestamp": "2026-04-16 20:07:45,446",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3166
          },
          {
            "timestamp": "2026-04-16 20:07:45,462",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3167
          },
          {
            "timestamp": "2026-04-16 20:07:45,462",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3168
          },
          {
            "timestamp": "2026-04-16 20:07:45,977",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3169
          },
          {
            "timestamp": "2026-04-16 20:07:45,977",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3170
          },
          {
            "timestamp": "2026-04-16 20:07:46,493",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3171
          },
          {
            "timestamp": "2026-04-16 20:07:46,493",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3172
          },
          {
            "timestamp": "2026-04-16 20:07:47,009",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3173
          },
          {
            "timestamp": "2026-04-16 20:07:47,009",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3174
          },
          {
            "timestamp": "2026-04-16 20:07:47,524",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3175
          },
          {
            "timestamp": "2026-04-16 20:07:47,524",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3176
          },
          {
            "timestamp": "2026-04-16 20:07:48,040",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3177
          },
          {
            "timestamp": "2026-04-16 20:07:48,040",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3178
          },
          {
            "timestamp": "2026-04-16 20:07:48,556",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3179
          },
          {
            "timestamp": "2026-04-16 20:07:48,556",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3180
          },
          {
            "timestamp": "2026-04-16 20:07:48,571",
            "thread_id": "4860",
            "caller": "0x7ffe4b196d1f",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 3181
          },
          {
            "timestamp": "2026-04-16 20:07:49,071",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3182
          },
          {
            "timestamp": "2026-04-16 20:07:49,071",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3183
          },
          {
            "timestamp": "2026-04-16 20:07:49,462",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x15462000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3184
          },
          {
            "timestamp": "2026-04-16 20:07:49,462",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000548",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1352"
              }
            ],
            "repeated": 0,
            "id": 3185
          },
          {
            "timestamp": "2026-04-16 20:07:49,462",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3186
          },
          {
            "timestamp": "2026-04-16 20:07:49,462",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3187
          },
          {
            "timestamp": "2026-04-16 20:07:49,462",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000548"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3188
          },
          {
            "timestamp": "2026-04-16 20:07:49,462",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 3189
          },
          {
            "timestamp": "2026-04-16 20:07:49,462",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 4,
            "id": 3190
          },
          {
            "timestamp": "2026-04-16 20:07:49,587",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3191
          },
          {
            "timestamp": "2026-04-16 20:07:49,587",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3192
          },
          {
            "timestamp": "2026-04-16 20:07:49,618",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3193
          },
          {
            "timestamp": "2026-04-16 20:07:50,102",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3194
          },
          {
            "timestamp": "2026-04-16 20:07:50,102",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3195
          },
          {
            "timestamp": "2026-04-16 20:07:50,118",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 14,
            "id": 3196
          },
          {
            "timestamp": "2026-04-16 20:07:50,618",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3197
          },
          {
            "timestamp": "2026-04-16 20:07:50,618",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3198
          },
          {
            "timestamp": "2026-04-16 20:07:50,634",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3199
          },
          {
            "timestamp": "2026-04-16 20:07:51,134",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3200
          },
          {
            "timestamp": "2026-04-16 20:07:51,134",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3201
          },
          {
            "timestamp": "2026-04-16 20:07:51,134",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 12,
            "id": 3202
          },
          {
            "timestamp": "2026-04-16 20:07:51,524",
            "thread_id": "4316",
            "caller": "0x7ffefc618e6e",
            "parentcaller": "0x7ffeaaca8b2f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000540"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x8b\\x00\\x00\\x00\\x00\\x00<\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\xdc\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4316"
              }
            ],
            "repeated": 0,
            "id": 3203
          },
          {
            "timestamp": "2026-04-16 20:07:51,524",
            "thread_id": "4316",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              }
            ],
            "repeated": 0,
            "id": 3204
          },
          {
            "timestamp": "2026-04-16 20:07:51,540",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3205
          },
          {
            "timestamp": "2026-04-16 20:07:51,649",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3206
          },
          {
            "timestamp": "2026-04-16 20:07:51,649",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3207
          },
          {
            "timestamp": "2026-04-16 20:07:52,165",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3208
          },
          {
            "timestamp": "2026-04-16 20:07:52,165",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3209
          },
          {
            "timestamp": "2026-04-16 20:07:52,681",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3210
          },
          {
            "timestamp": "2026-04-16 20:07:52,681",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3211
          },
          {
            "timestamp": "2026-04-16 20:07:53,196",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3212
          },
          {
            "timestamp": "2026-04-16 20:07:53,196",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3213
          },
          {
            "timestamp": "2026-04-16 20:07:53,712",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3214
          },
          {
            "timestamp": "2026-04-16 20:07:53,712",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3215
          },
          {
            "timestamp": "2026-04-16 20:07:54,227",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3216
          },
          {
            "timestamp": "2026-04-16 20:07:54,227",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3217
          },
          {
            "timestamp": "2026-04-16 20:07:54,743",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3218
          },
          {
            "timestamp": "2026-04-16 20:07:54,743",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3219
          },
          {
            "timestamp": "2026-04-16 20:07:55,259",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3220
          },
          {
            "timestamp": "2026-04-16 20:07:55,259",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3221
          },
          {
            "timestamp": "2026-04-16 20:07:55,556",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x15482000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3222
          },
          {
            "timestamp": "2026-04-16 20:07:55,556",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000548",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1352"
              }
            ],
            "repeated": 0,
            "id": 3223
          },
          {
            "timestamp": "2026-04-16 20:07:55,556",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3224
          },
          {
            "timestamp": "2026-04-16 20:07:55,556",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3225
          },
          {
            "timestamp": "2026-04-16 20:07:55,556",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000548"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3226
          },
          {
            "timestamp": "2026-04-16 20:07:55,556",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 3227
          },
          {
            "timestamp": "2026-04-16 20:07:55,556",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 7,
            "id": 3228
          },
          {
            "timestamp": "2026-04-16 20:07:55,774",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3229
          },
          {
            "timestamp": "2026-04-16 20:07:55,774",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3230
          },
          {
            "timestamp": "2026-04-16 20:07:55,806",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3231
          },
          {
            "timestamp": "2026-04-16 20:07:56,290",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3232
          },
          {
            "timestamp": "2026-04-16 20:07:56,290",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3233
          },
          {
            "timestamp": "2026-04-16 20:07:56,321",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3234
          },
          {
            "timestamp": "2026-04-16 20:07:56,806",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3235
          },
          {
            "timestamp": "2026-04-16 20:07:56,806",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3236
          },
          {
            "timestamp": "2026-04-16 20:07:56,821",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3237
          },
          {
            "timestamp": "2026-04-16 20:07:57,321",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3238
          },
          {
            "timestamp": "2026-04-16 20:07:57,321",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3239
          },
          {
            "timestamp": "2026-04-16 20:07:57,337",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 7,
            "id": 3240
          },
          {
            "timestamp": "2026-04-16 20:07:57,602",
            "thread_id": "4316",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              }
            ],
            "repeated": 0,
            "id": 3241
          },
          {
            "timestamp": "2026-04-16 20:07:57,618",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3242
          },
          {
            "timestamp": "2026-04-16 20:07:57,837",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3243
          },
          {
            "timestamp": "2026-04-16 20:07:57,837",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3244
          },
          {
            "timestamp": "2026-04-16 20:07:58,352",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3245
          },
          {
            "timestamp": "2026-04-16 20:07:58,352",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3246
          },
          {
            "timestamp": "2026-04-16 20:07:58,868",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3247
          },
          {
            "timestamp": "2026-04-16 20:07:58,868",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3248
          },
          {
            "timestamp": "2026-04-16 20:07:59,384",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3249
          },
          {
            "timestamp": "2026-04-16 20:07:59,384",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3250
          },
          {
            "timestamp": "2026-04-16 20:07:59,899",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3251
          },
          {
            "timestamp": "2026-04-16 20:07:59,899",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3252
          },
          {
            "timestamp": "2026-04-16 20:08:00,415",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3253
          },
          {
            "timestamp": "2026-04-16 20:08:00,415",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3254
          },
          {
            "timestamp": "2026-04-16 20:08:00,431",
            "thread_id": "1656",
            "caller": "0x7ffeaaa04a01",
            "parentcaller": "0x7ffeaaa049bd",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "16"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1656"
              }
            ],
            "repeated": 0,
            "id": 3255
          },
          {
            "timestamp": "2026-04-16 20:08:00,431",
            "thread_id": "1656",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefccdea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe4a0000"
              }
            ],
            "repeated": 0,
            "id": 3256
          },
          {
            "timestamp": "2026-04-16 20:08:00,431",
            "thread_id": "1656",
            "caller": "0x7ffefe8a466e",
            "parentcaller": "0x7ffefe3f703d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1656"
              }
            ],
            "repeated": 0,
            "id": 3257
          },
          {
            "timestamp": "2026-04-16 20:08:00,431",
            "thread_id": "1656",
            "caller": "0x7ffefb66e309",
            "parentcaller": "0x7ffefb671c15",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 3258
          },
          {
            "timestamp": "2026-04-16 20:08:00,431",
            "thread_id": "1656",
            "caller": "0x7ffefe8a468e",
            "parentcaller": "0x7ffefe3f703d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3259
          },
          {
            "timestamp": "2026-04-16 20:08:00,931",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3260
          },
          {
            "timestamp": "2026-04-16 20:08:00,931",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3261
          },
          {
            "timestamp": "2026-04-16 20:08:01,446",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3262
          },
          {
            "timestamp": "2026-04-16 20:08:01,446",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3263
          },
          {
            "timestamp": "2026-04-16 20:08:01,634",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x154a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3264
          },
          {
            "timestamp": "2026-04-16 20:08:01,634",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000548",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1352"
              }
            ],
            "repeated": 0,
            "id": 3265
          },
          {
            "timestamp": "2026-04-16 20:08:01,634",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3266
          },
          {
            "timestamp": "2026-04-16 20:08:01,634",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3267
          },
          {
            "timestamp": "2026-04-16 20:08:01,634",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000548"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3268
          },
          {
            "timestamp": "2026-04-16 20:08:01,634",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 3269
          },
          {
            "timestamp": "2026-04-16 20:08:01,634",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 10,
            "id": 3270
          },
          {
            "timestamp": "2026-04-16 20:08:01,962",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3271
          },
          {
            "timestamp": "2026-04-16 20:08:01,962",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3272
          },
          {
            "timestamp": "2026-04-16 20:08:01,977",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 16,
            "id": 3273
          },
          {
            "timestamp": "2026-04-16 20:08:02,477",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3274
          },
          {
            "timestamp": "2026-04-16 20:08:02,477",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3275
          },
          {
            "timestamp": "2026-04-16 20:08:02,509",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 14,
            "id": 3276
          },
          {
            "timestamp": "2026-04-16 20:08:02,993",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3277
          },
          {
            "timestamp": "2026-04-16 20:08:02,993",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3278
          },
          {
            "timestamp": "2026-04-16 20:08:03,040",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 14,
            "id": 3279
          },
          {
            "timestamp": "2026-04-16 20:08:03,509",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3280
          },
          {
            "timestamp": "2026-04-16 20:08:03,509",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3281
          },
          {
            "timestamp": "2026-04-16 20:08:03,540",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 5,
            "id": 3282
          },
          {
            "timestamp": "2026-04-16 20:08:03,696",
            "thread_id": "4316",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000558"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42730"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3664"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 3283
          },
          {
            "timestamp": "2026-04-16 20:08:03,696",
            "thread_id": "4316",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000558",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42730"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "3664"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 3284
          },
          {
            "timestamp": "2026-04-16 20:08:03,696",
            "thread_id": "4316",
            "caller": "0x7ffefc627bc0",
            "parentcaller": "0x7ffeaaca89a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000558"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "3664"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 3285
          },
          {
            "timestamp": "2026-04-16 20:08:03,696",
            "thread_id": "4316",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              }
            ],
            "repeated": 0,
            "id": 3286
          },
          {
            "timestamp": "2026-04-16 20:08:03,696",
            "thread_id": "3664",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 3287
          },
          {
            "timestamp": "2026-04-16 20:08:03,696",
            "thread_id": "3664",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3288
          },
          {
            "timestamp": "2026-04-16 20:08:03,696",
            "thread_id": "3664",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42730"
              }
            ],
            "repeated": 0,
            "id": 3289
          },
          {
            "timestamp": "2026-04-16 20:08:03,696",
            "thread_id": "3664",
            "caller": "0x7ffeaacb620d",
            "parentcaller": "0x7ffeaa87894f",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "16384"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3290
          },
          {
            "timestamp": "2026-04-16 20:08:03,696",
            "thread_id": "3664",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaa878a03",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e541000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f7000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3291
          },
          {
            "timestamp": "2026-04-16 20:08:03,727",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3292
          },
          {
            "timestamp": "2026-04-16 20:08:04,024",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3293
          },
          {
            "timestamp": "2026-04-16 20:08:04,024",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3294
          },
          {
            "timestamp": "2026-04-16 20:08:04,540",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3295
          },
          {
            "timestamp": "2026-04-16 20:08:04,540",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3296
          },
          {
            "timestamp": "2026-04-16 20:08:05,056",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3297
          },
          {
            "timestamp": "2026-04-16 20:08:05,056",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3298
          },
          {
            "timestamp": "2026-04-16 20:08:05,571",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3299
          },
          {
            "timestamp": "2026-04-16 20:08:05,571",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3300
          },
          {
            "timestamp": "2026-04-16 20:08:06,087",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3301
          },
          {
            "timestamp": "2026-04-16 20:08:06,087",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3302
          },
          {
            "timestamp": "2026-04-16 20:08:06,602",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3303
          },
          {
            "timestamp": "2026-04-16 20:08:06,602",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3304
          },
          {
            "timestamp": "2026-04-16 20:08:07,118",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3305
          },
          {
            "timestamp": "2026-04-16 20:08:07,118",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3306
          },
          {
            "timestamp": "2026-04-16 20:08:07,634",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3307
          },
          {
            "timestamp": "2026-04-16 20:08:07,634",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3308
          },
          {
            "timestamp": "2026-04-16 20:08:07,743",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x154c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3309
          },
          {
            "timestamp": "2026-04-16 20:08:07,743",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000560",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1376"
              }
            ],
            "repeated": 0,
            "id": 3310
          },
          {
            "timestamp": "2026-04-16 20:08:07,743",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1376"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3311
          },
          {
            "timestamp": "2026-04-16 20:08:07,743",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1376"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3312
          },
          {
            "timestamp": "2026-04-16 20:08:07,743",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3313
          },
          {
            "timestamp": "2026-04-16 20:08:07,743",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1376"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 3314
          },
          {
            "timestamp": "2026-04-16 20:08:07,743",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 12,
            "id": 3315
          },
          {
            "timestamp": "2026-04-16 20:08:08,149",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3316
          },
          {
            "timestamp": "2026-04-16 20:08:08,149",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3317
          },
          {
            "timestamp": "2026-04-16 20:08:08,181",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 12,
            "id": 3318
          },
          {
            "timestamp": "2026-04-16 20:08:08,587",
            "thread_id": "4860",
            "caller": "0x7ffe4b196d1f",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 3319
          },
          {
            "timestamp": "2026-04-16 20:08:08,602",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 1,
            "id": 3320
          },
          {
            "timestamp": "2026-04-16 20:08:08,665",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3321
          },
          {
            "timestamp": "2026-04-16 20:08:08,665",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3322
          },
          {
            "timestamp": "2026-04-16 20:08:08,665",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3323
          },
          {
            "timestamp": "2026-04-16 20:08:09,181",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3324
          },
          {
            "timestamp": "2026-04-16 20:08:09,181",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3325
          },
          {
            "timestamp": "2026-04-16 20:08:09,196",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 16,
            "id": 3326
          },
          {
            "timestamp": "2026-04-16 20:08:09,696",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3327
          },
          {
            "timestamp": "2026-04-16 20:08:09,696",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3328
          },
          {
            "timestamp": "2026-04-16 20:08:09,727",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 1,
            "id": 3329
          },
          {
            "timestamp": "2026-04-16 20:08:09,774",
            "thread_id": "3664",
            "caller": "0x7ffefc618e6e",
            "parentcaller": "0x7ffeaaca8b2f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000558"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x8b\\x00\\x00\\x00\\x00\\x00<\\x10\\x00\\x00\\x00\\x00\\x00\\x00P\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3664"
              }
            ],
            "repeated": 0,
            "id": 3330
          },
          {
            "timestamp": "2026-04-16 20:08:09,774",
            "thread_id": "3664",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1376"
              }
            ],
            "repeated": 0,
            "id": 3331
          },
          {
            "timestamp": "2026-04-16 20:08:09,790",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3332
          },
          {
            "timestamp": "2026-04-16 20:08:10,212",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3333
          },
          {
            "timestamp": "2026-04-16 20:08:10,212",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3334
          },
          {
            "timestamp": "2026-04-16 20:08:10,727",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3335
          },
          {
            "timestamp": "2026-04-16 20:08:10,727",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3336
          },
          {
            "timestamp": "2026-04-16 20:08:11,227",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3337
          },
          {
            "timestamp": "2026-04-16 20:08:11,227",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3338
          },
          {
            "timestamp": "2026-04-16 20:08:11,743",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3339
          },
          {
            "timestamp": "2026-04-16 20:08:11,743",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3340
          },
          {
            "timestamp": "2026-04-16 20:08:12,259",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3341
          },
          {
            "timestamp": "2026-04-16 20:08:12,259",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3342
          },
          {
            "timestamp": "2026-04-16 20:08:12,759",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3343
          },
          {
            "timestamp": "2026-04-16 20:08:12,759",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3344
          },
          {
            "timestamp": "2026-04-16 20:08:13,274",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3345
          },
          {
            "timestamp": "2026-04-16 20:08:13,274",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3346
          },
          {
            "timestamp": "2026-04-16 20:08:13,790",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3347
          },
          {
            "timestamp": "2026-04-16 20:08:13,790",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3348
          },
          {
            "timestamp": "2026-04-16 20:08:13,806",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x154e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3349
          },
          {
            "timestamp": "2026-04-16 20:08:13,806",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000548",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1352"
              }
            ],
            "repeated": 0,
            "id": 3350
          },
          {
            "timestamp": "2026-04-16 20:08:13,806",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3351
          },
          {
            "timestamp": "2026-04-16 20:08:13,806",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3352
          },
          {
            "timestamp": "2026-04-16 20:08:13,806",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000548"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3353
          },
          {
            "timestamp": "2026-04-16 20:08:13,806",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 3354
          },
          {
            "timestamp": "2026-04-16 20:08:13,806",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3355
          },
          {
            "timestamp": "2026-04-16 20:08:14,306",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3356
          },
          {
            "timestamp": "2026-04-16 20:08:14,306",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3357
          },
          {
            "timestamp": "2026-04-16 20:08:14,321",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3358
          },
          {
            "timestamp": "2026-04-16 20:08:14,806",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3359
          },
          {
            "timestamp": "2026-04-16 20:08:14,806",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3360
          },
          {
            "timestamp": "2026-04-16 20:08:14,821",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3361
          },
          {
            "timestamp": "2026-04-16 20:08:15,321",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3362
          },
          {
            "timestamp": "2026-04-16 20:08:15,321",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3363
          },
          {
            "timestamp": "2026-04-16 20:08:15,352",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 14,
            "id": 3364
          },
          {
            "timestamp": "2026-04-16 20:08:15,821",
            "thread_id": "3664",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              }
            ],
            "repeated": 0,
            "id": 3365
          },
          {
            "timestamp": "2026-04-16 20:08:15,821",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3366
          },
          {
            "timestamp": "2026-04-16 20:08:15,837",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3367
          },
          {
            "timestamp": "2026-04-16 20:08:15,837",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3368
          },
          {
            "timestamp": "2026-04-16 20:08:16,352",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3369
          },
          {
            "timestamp": "2026-04-16 20:08:16,352",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3370
          },
          {
            "timestamp": "2026-04-16 20:08:16,868",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3371
          },
          {
            "timestamp": "2026-04-16 20:08:16,868",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3372
          },
          {
            "timestamp": "2026-04-16 20:08:17,368",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3373
          },
          {
            "timestamp": "2026-04-16 20:08:17,368",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3374
          },
          {
            "timestamp": "2026-04-16 20:08:17,884",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3375
          },
          {
            "timestamp": "2026-04-16 20:08:17,884",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3376
          },
          {
            "timestamp": "2026-04-16 20:08:18,399",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3377
          },
          {
            "timestamp": "2026-04-16 20:08:18,399",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3378
          },
          {
            "timestamp": "2026-04-16 20:08:18,712",
            "thread_id": "4316",
            "caller": "0x7ffeaaa04a01",
            "parentcaller": "0x7ffeaaa049bd",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "16"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4316"
              }
            ],
            "repeated": 0,
            "id": 3379
          },
          {
            "timestamp": "2026-04-16 20:08:18,712",
            "thread_id": "4316",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefccdea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe4a0000"
              }
            ],
            "repeated": 0,
            "id": 3380
          },
          {
            "timestamp": "2026-04-16 20:08:18,712",
            "thread_id": "4316",
            "caller": "0x7ffefe8a466e",
            "parentcaller": "0x7ffefe3f703d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4316"
              }
            ],
            "repeated": 0,
            "id": 3381
          },
          {
            "timestamp": "2026-04-16 20:08:18,712",
            "thread_id": "4316",
            "caller": "0x7ffefb66e309",
            "parentcaller": "0x7ffefb671c15",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054c"
              }
            ],
            "repeated": 0,
            "id": 3382
          },
          {
            "timestamp": "2026-04-16 20:08:18,712",
            "thread_id": "4316",
            "caller": "0x7ffefe8a468e",
            "parentcaller": "0x7ffefe3f703d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3383
          },
          {
            "timestamp": "2026-04-16 20:08:18,915",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3384
          },
          {
            "timestamp": "2026-04-16 20:08:18,915",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3385
          },
          {
            "timestamp": "2026-04-16 20:08:19,431",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3386
          },
          {
            "timestamp": "2026-04-16 20:08:19,431",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3387
          },
          {
            "timestamp": "2026-04-16 20:08:19,837",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x15502000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3388
          },
          {
            "timestamp": "2026-04-16 20:08:19,837",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac064",
            "parentcaller": "0x7ffe4b199418",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05402000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3389
          },
          {
            "timestamp": "2026-04-16 20:08:19,837",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000548",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1352"
              }
            ],
            "repeated": 0,
            "id": 3390
          },
          {
            "timestamp": "2026-04-16 20:08:19,837",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3391
          },
          {
            "timestamp": "2026-04-16 20:08:19,837",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3392
          },
          {
            "timestamp": "2026-04-16 20:08:19,837",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000548"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3393
          },
          {
            "timestamp": "2026-04-16 20:08:19,837",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 3394
          },
          {
            "timestamp": "2026-04-16 20:08:19,837",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 3,
            "id": 3395
          },
          {
            "timestamp": "2026-04-16 20:08:19,946",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3396
          },
          {
            "timestamp": "2026-04-16 20:08:19,946",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3397
          },
          {
            "timestamp": "2026-04-16 20:08:19,962",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3398
          },
          {
            "timestamp": "2026-04-16 20:08:20,462",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3399
          },
          {
            "timestamp": "2026-04-16 20:08:20,462",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3400
          },
          {
            "timestamp": "2026-04-16 20:08:20,477",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3401
          },
          {
            "timestamp": "2026-04-16 20:08:20,977",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3402
          },
          {
            "timestamp": "2026-04-16 20:08:20,977",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 3403
          },
          {
            "timestamp": "2026-04-16 20:08:20,977",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3404
          },
          {
            "timestamp": "2026-04-16 20:08:21,009",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 14,
            "id": 3405
          },
          {
            "timestamp": "2026-04-16 20:08:21,493",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3406
          },
          {
            "timestamp": "2026-04-16 20:08:21,493",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3407
          },
          {
            "timestamp": "2026-04-16 20:08:21,524",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 10,
            "id": 3408
          },
          {
            "timestamp": "2026-04-16 20:08:21,868",
            "thread_id": "3664",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000570"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42a70"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "1128"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 3409
          },
          {
            "timestamp": "2026-04-16 20:08:21,868",
            "thread_id": "3664",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000570",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42a70"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "1128"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 3410
          },
          {
            "timestamp": "2026-04-16 20:08:21,868",
            "thread_id": "3664",
            "caller": "0x7ffefc627bc0",
            "parentcaller": "0x7ffeaaca89a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000570"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "1128"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 3411
          },
          {
            "timestamp": "2026-04-16 20:08:21,868",
            "thread_id": "3664",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1352"
              }
            ],
            "repeated": 0,
            "id": 3412
          },
          {
            "timestamp": "2026-04-16 20:08:21,868",
            "thread_id": "1128",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 3413
          },
          {
            "timestamp": "2026-04-16 20:08:21,868",
            "thread_id": "1128",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3414
          },
          {
            "timestamp": "2026-04-16 20:08:21,868",
            "thread_id": "1128",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42a70"
              }
            ],
            "repeated": 0,
            "id": 3415
          },
          {
            "timestamp": "2026-04-16 20:08:21,868",
            "thread_id": "1128",
            "caller": "0x7ffeaacb620d",
            "parentcaller": "0x7ffeaa87894f",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "16384"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3416
          },
          {
            "timestamp": "2026-04-16 20:08:21,868",
            "thread_id": "1128",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaa878a03",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e641000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f7000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3417
          },
          {
            "timestamp": "2026-04-16 20:08:21,884",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3418
          },
          {
            "timestamp": "2026-04-16 20:08:22,009",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3419
          },
          {
            "timestamp": "2026-04-16 20:08:22,009",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3420
          },
          {
            "timestamp": "2026-04-16 20:08:22,524",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3421
          },
          {
            "timestamp": "2026-04-16 20:08:22,524",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3422
          },
          {
            "timestamp": "2026-04-16 20:08:23,040",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3423
          },
          {
            "timestamp": "2026-04-16 20:08:23,040",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3424
          },
          {
            "timestamp": "2026-04-16 20:08:23,571",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3425
          },
          {
            "timestamp": "2026-04-16 20:08:23,571",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3426
          },
          {
            "timestamp": "2026-04-16 20:08:24,087",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3427
          },
          {
            "timestamp": "2026-04-16 20:08:24,087",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3428
          },
          {
            "timestamp": "2026-04-16 20:08:24,602",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3429
          },
          {
            "timestamp": "2026-04-16 20:08:24,602",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3430
          },
          {
            "timestamp": "2026-04-16 20:08:25,118",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3431
          },
          {
            "timestamp": "2026-04-16 20:08:25,118",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3432
          },
          {
            "timestamp": "2026-04-16 20:08:25,634",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3433
          },
          {
            "timestamp": "2026-04-16 20:08:25,634",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3434
          },
          {
            "timestamp": "2026-04-16 20:08:25,899",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x15522000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3435
          },
          {
            "timestamp": "2026-04-16 20:08:25,899",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000578",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1400"
              }
            ],
            "repeated": 0,
            "id": 3436
          },
          {
            "timestamp": "2026-04-16 20:08:25,899",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1400"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3437
          },
          {
            "timestamp": "2026-04-16 20:08:25,899",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1400"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3438
          },
          {
            "timestamp": "2026-04-16 20:08:25,899",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000578"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3439
          },
          {
            "timestamp": "2026-04-16 20:08:25,899",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1400"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 3440
          },
          {
            "timestamp": "2026-04-16 20:08:25,899",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 8,
            "id": 3441
          },
          {
            "timestamp": "2026-04-16 20:08:26,149",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3442
          },
          {
            "timestamp": "2026-04-16 20:08:26,149",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3443
          },
          {
            "timestamp": "2026-04-16 20:08:26,181",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3444
          },
          {
            "timestamp": "2026-04-16 20:08:26,665",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3445
          },
          {
            "timestamp": "2026-04-16 20:08:26,665",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3446
          },
          {
            "timestamp": "2026-04-16 20:08:26,696",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3447
          },
          {
            "timestamp": "2026-04-16 20:08:27,181",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3448
          },
          {
            "timestamp": "2026-04-16 20:08:27,181",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3449
          },
          {
            "timestamp": "2026-04-16 20:08:27,196",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3450
          },
          {
            "timestamp": "2026-04-16 20:08:27,696",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3451
          },
          {
            "timestamp": "2026-04-16 20:08:27,696",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3452
          },
          {
            "timestamp": "2026-04-16 20:08:27,712",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 7,
            "id": 3453
          },
          {
            "timestamp": "2026-04-16 20:08:27,946",
            "thread_id": "1128",
            "caller": "0x7ffefc618e6e",
            "parentcaller": "0x7ffeaaca8b2f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000570"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x8b\\x00\\x00\\x00\\x00\\x00<\\x10\\x00\\x00\\x00\\x00\\x00\\x00h\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1128"
              }
            ],
            "repeated": 0,
            "id": 3454
          },
          {
            "timestamp": "2026-04-16 20:08:27,946",
            "thread_id": "1128",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1400"
              }
            ],
            "repeated": 0,
            "id": 3455
          },
          {
            "timestamp": "2026-04-16 20:08:27,962",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3456
          },
          {
            "timestamp": "2026-04-16 20:08:28,212",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3457
          },
          {
            "timestamp": "2026-04-16 20:08:28,212",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3458
          },
          {
            "timestamp": "2026-04-16 20:08:28,602",
            "thread_id": "4860",
            "caller": "0x7ffe4b196d1f",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 3459
          },
          {
            "timestamp": "2026-04-16 20:08:28,712",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3460
          },
          {
            "timestamp": "2026-04-16 20:08:28,712",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3461
          },
          {
            "timestamp": "2026-04-16 20:08:29,227",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3462
          },
          {
            "timestamp": "2026-04-16 20:08:29,227",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3463
          },
          {
            "timestamp": "2026-04-16 20:08:29,743",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3464
          },
          {
            "timestamp": "2026-04-16 20:08:29,743",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3465
          },
          {
            "timestamp": "2026-04-16 20:08:30,259",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3466
          },
          {
            "timestamp": "2026-04-16 20:08:30,259",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3467
          },
          {
            "timestamp": "2026-04-16 20:08:30,774",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3468
          },
          {
            "timestamp": "2026-04-16 20:08:30,774",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3469
          },
          {
            "timestamp": "2026-04-16 20:08:31,290",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3470
          },
          {
            "timestamp": "2026-04-16 20:08:31,290",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3471
          },
          {
            "timestamp": "2026-04-16 20:08:31,806",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3472
          },
          {
            "timestamp": "2026-04-16 20:08:31,806",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3473
          },
          {
            "timestamp": "2026-04-16 20:08:31,977",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x15542000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3474
          },
          {
            "timestamp": "2026-04-16 20:08:31,977",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x0000057c",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1404"
              }
            ],
            "repeated": 0,
            "id": 3475
          },
          {
            "timestamp": "2026-04-16 20:08:31,977",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1404"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3476
          },
          {
            "timestamp": "2026-04-16 20:08:31,977",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1404"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3477
          },
          {
            "timestamp": "2026-04-16 20:08:31,977",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000057c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3478
          },
          {
            "timestamp": "2026-04-16 20:08:31,977",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1404"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 3479
          },
          {
            "timestamp": "2026-04-16 20:08:31,977",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 11,
            "id": 3480
          },
          {
            "timestamp": "2026-04-16 20:08:32,321",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3481
          },
          {
            "timestamp": "2026-04-16 20:08:32,321",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3482
          },
          {
            "timestamp": "2026-04-16 20:08:32,352",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 14,
            "id": 3483
          },
          {
            "timestamp": "2026-04-16 20:08:32,837",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3484
          },
          {
            "timestamp": "2026-04-16 20:08:32,837",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3485
          },
          {
            "timestamp": "2026-04-16 20:08:32,868",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 14,
            "id": 3486
          },
          {
            "timestamp": "2026-04-16 20:08:33,352",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3487
          },
          {
            "timestamp": "2026-04-16 20:08:33,352",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3488
          },
          {
            "timestamp": "2026-04-16 20:08:33,352",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3489
          },
          {
            "timestamp": "2026-04-16 20:08:33,868",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3490
          },
          {
            "timestamp": "2026-04-16 20:08:33,868",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3491
          },
          {
            "timestamp": "2026-04-16 20:08:33,868",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 4,
            "id": 3492
          },
          {
            "timestamp": "2026-04-16 20:08:34,040",
            "thread_id": "1128",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1404"
              }
            ],
            "repeated": 0,
            "id": 3493
          },
          {
            "timestamp": "2026-04-16 20:08:34,040",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3494
          },
          {
            "timestamp": "2026-04-16 20:08:34,384",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3495
          },
          {
            "timestamp": "2026-04-16 20:08:34,384",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3496
          },
          {
            "timestamp": "2026-04-16 20:08:34,899",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3497
          },
          {
            "timestamp": "2026-04-16 20:08:34,899",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3498
          },
          {
            "timestamp": "2026-04-16 20:08:35,415",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3499
          },
          {
            "timestamp": "2026-04-16 20:08:35,415",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3500
          },
          {
            "timestamp": "2026-04-16 20:08:35,931",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3501
          },
          {
            "timestamp": "2026-04-16 20:08:35,931",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3502
          },
          {
            "timestamp": "2026-04-16 20:08:36,446",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3503
          },
          {
            "timestamp": "2026-04-16 20:08:36,446",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3504
          },
          {
            "timestamp": "2026-04-16 20:08:36,868",
            "thread_id": "3664",
            "caller": "0x7ffeaaa04a01",
            "parentcaller": "0x7ffeaaa049bd",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "16"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3664"
              }
            ],
            "repeated": 0,
            "id": 3505
          },
          {
            "timestamp": "2026-04-16 20:08:36,868",
            "thread_id": "3664",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefccdea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe4a0000"
              }
            ],
            "repeated": 0,
            "id": 3506
          },
          {
            "timestamp": "2026-04-16 20:08:36,868",
            "thread_id": "3664",
            "caller": "0x7ffefe8a466e",
            "parentcaller": "0x7ffefe3f703d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3664"
              }
            ],
            "repeated": 0,
            "id": 3507
          },
          {
            "timestamp": "2026-04-16 20:08:36,868",
            "thread_id": "3664",
            "caller": "0x7ffefb66e309",
            "parentcaller": "0x7ffefb671c15",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              }
            ],
            "repeated": 0,
            "id": 3508
          },
          {
            "timestamp": "2026-04-16 20:08:36,868",
            "thread_id": "3664",
            "caller": "0x7ffefe8a468e",
            "parentcaller": "0x7ffefe3f703d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3509
          },
          {
            "timestamp": "2026-04-16 20:08:36,962",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3510
          },
          {
            "timestamp": "2026-04-16 20:08:36,962",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3511
          },
          {
            "timestamp": "2026-04-16 20:08:37,477",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3512
          },
          {
            "timestamp": "2026-04-16 20:08:37,477",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3513
          },
          {
            "timestamp": "2026-04-16 20:08:37,993",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3514
          },
          {
            "timestamp": "2026-04-16 20:08:37,993",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3515
          },
          {
            "timestamp": "2026-04-16 20:08:38,056",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x15562000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3516
          },
          {
            "timestamp": "2026-04-16 20:08:38,056",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000580",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1408"
              }
            ],
            "repeated": 0,
            "id": 3517
          },
          {
            "timestamp": "2026-04-16 20:08:38,056",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1408"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3518
          },
          {
            "timestamp": "2026-04-16 20:08:38,056",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1408"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3519
          },
          {
            "timestamp": "2026-04-16 20:08:38,056",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000580"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3520
          },
          {
            "timestamp": "2026-04-16 20:08:38,056",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1408"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 3521
          },
          {
            "timestamp": "2026-04-16 20:08:38,056",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 14,
            "id": 3522
          },
          {
            "timestamp": "2026-04-16 20:08:38,509",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3523
          },
          {
            "timestamp": "2026-04-16 20:08:38,509",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3524
          },
          {
            "timestamp": "2026-04-16 20:08:38,524",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 16,
            "id": 3525
          },
          {
            "timestamp": "2026-04-16 20:08:39,024",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3526
          },
          {
            "timestamp": "2026-04-16 20:08:39,024",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3527
          },
          {
            "timestamp": "2026-04-16 20:08:39,056",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3528
          },
          {
            "timestamp": "2026-04-16 20:08:39,540",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3529
          },
          {
            "timestamp": "2026-04-16 20:08:39,540",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3530
          },
          {
            "timestamp": "2026-04-16 20:08:39,556",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3531
          },
          {
            "timestamp": "2026-04-16 20:08:40,056",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3532
          },
          {
            "timestamp": "2026-04-16 20:08:40,056",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3533
          },
          {
            "timestamp": "2026-04-16 20:08:40,056",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 1,
            "id": 3534
          },
          {
            "timestamp": "2026-04-16 20:08:40,087",
            "thread_id": "1128",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000588"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42c50"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "1580"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 3535
          },
          {
            "timestamp": "2026-04-16 20:08:40,087",
            "thread_id": "1128",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000588",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42c50"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "1580"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 3536
          },
          {
            "timestamp": "2026-04-16 20:08:40,087",
            "thread_id": "1128",
            "caller": "0x7ffefc627bc0",
            "parentcaller": "0x7ffeaaca89a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000588"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "1580"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 3537
          },
          {
            "timestamp": "2026-04-16 20:08:40,087",
            "thread_id": "1128",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1408"
              }
            ],
            "repeated": 0,
            "id": 3538
          },
          {
            "timestamp": "2026-04-16 20:08:40,087",
            "thread_id": "1580",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 3539
          },
          {
            "timestamp": "2026-04-16 20:08:40,087",
            "thread_id": "1580",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3540
          },
          {
            "timestamp": "2026-04-16 20:08:40,087",
            "thread_id": "1580",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42c50"
              }
            ],
            "repeated": 0,
            "id": 3541
          },
          {
            "timestamp": "2026-04-16 20:08:40,087",
            "thread_id": "1580",
            "caller": "0x7ffeaacb620d",
            "parentcaller": "0x7ffeaa87894f",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "16384"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3542
          },
          {
            "timestamp": "2026-04-16 20:08:40,087",
            "thread_id": "1580",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaa878a03",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e541000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f7000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3543
          },
          {
            "timestamp": "2026-04-16 20:08:40,118",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3544
          },
          {
            "timestamp": "2026-04-16 20:08:40,571",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3545
          },
          {
            "timestamp": "2026-04-16 20:08:40,571",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3546
          },
          {
            "timestamp": "2026-04-16 20:08:41,087",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3547
          },
          {
            "timestamp": "2026-04-16 20:08:41,087",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3548
          },
          {
            "timestamp": "2026-04-16 20:08:41,602",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3549
          },
          {
            "timestamp": "2026-04-16 20:08:41,602",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3550
          },
          {
            "timestamp": "2026-04-16 20:08:42,118",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3551
          },
          {
            "timestamp": "2026-04-16 20:08:42,118",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3552
          },
          {
            "timestamp": "2026-04-16 20:08:42,634",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3553
          },
          {
            "timestamp": "2026-04-16 20:08:42,634",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3554
          },
          {
            "timestamp": "2026-04-16 20:08:43,134",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3555
          },
          {
            "timestamp": "2026-04-16 20:08:43,134",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3556
          },
          {
            "timestamp": "2026-04-16 20:08:43,649",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3557
          },
          {
            "timestamp": "2026-04-16 20:08:43,649",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3558
          },
          {
            "timestamp": "2026-04-16 20:08:44,134",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x15582000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3559
          },
          {
            "timestamp": "2026-04-16 20:08:44,134",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000590",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1424"
              }
            ],
            "repeated": 0,
            "id": 3560
          },
          {
            "timestamp": "2026-04-16 20:08:44,134",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1424"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3561
          },
          {
            "timestamp": "2026-04-16 20:08:44,134",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1424"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3562
          },
          {
            "timestamp": "2026-04-16 20:08:44,134",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3563
          },
          {
            "timestamp": "2026-04-16 20:08:44,134",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1424"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 3564
          },
          {
            "timestamp": "2026-04-16 20:08:44,134",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 1,
            "id": 3565
          },
          {
            "timestamp": "2026-04-16 20:08:44,165",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3566
          },
          {
            "timestamp": "2026-04-16 20:08:44,165",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3567
          },
          {
            "timestamp": "2026-04-16 20:08:44,196",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3568
          },
          {
            "timestamp": "2026-04-16 20:08:44,681",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3569
          },
          {
            "timestamp": "2026-04-16 20:08:44,681",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3570
          },
          {
            "timestamp": "2026-04-16 20:08:44,696",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 16,
            "id": 3571
          },
          {
            "timestamp": "2026-04-16 20:08:45,196",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3572
          },
          {
            "timestamp": "2026-04-16 20:08:45,196",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3573
          },
          {
            "timestamp": "2026-04-16 20:08:45,227",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3574
          },
          {
            "timestamp": "2026-04-16 20:08:45,712",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3575
          },
          {
            "timestamp": "2026-04-16 20:08:45,712",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3576
          },
          {
            "timestamp": "2026-04-16 20:08:45,727",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 14,
            "id": 3577
          },
          {
            "timestamp": "2026-04-16 20:08:46,181",
            "thread_id": "1580",
            "caller": "0x7ffefc618e6e",
            "parentcaller": "0x7ffeaaca8b2f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000588"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x8b\\x00\\x00\\x00\\x00\\x00<\\x10\\x00\\x00\\x00\\x00\\x00\\x00,\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1580"
              }
            ],
            "repeated": 0,
            "id": 3578
          },
          {
            "timestamp": "2026-04-16 20:08:46,181",
            "thread_id": "1580",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1424"
              }
            ],
            "repeated": 0,
            "id": 3579
          },
          {
            "timestamp": "2026-04-16 20:08:46,196",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3580
          },
          {
            "timestamp": "2026-04-16 20:08:46,227",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3581
          },
          {
            "timestamp": "2026-04-16 20:08:46,227",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3582
          },
          {
            "timestamp": "2026-04-16 20:08:46,743",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3583
          },
          {
            "timestamp": "2026-04-16 20:08:46,743",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3584
          },
          {
            "timestamp": "2026-04-16 20:08:47,259",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3585
          },
          {
            "timestamp": "2026-04-16 20:08:47,259",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3586
          },
          {
            "timestamp": "2026-04-16 20:08:47,774",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3587
          },
          {
            "timestamp": "2026-04-16 20:08:47,774",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3588
          },
          {
            "timestamp": "2026-04-16 20:08:48,290",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3589
          },
          {
            "timestamp": "2026-04-16 20:08:48,290",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3590
          },
          {
            "timestamp": "2026-04-16 20:08:48,618",
            "thread_id": "4860",
            "caller": "0x7ffe4b196d1f",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 3591
          },
          {
            "timestamp": "2026-04-16 20:08:48,806",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3592
          },
          {
            "timestamp": "2026-04-16 20:08:48,806",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3593
          },
          {
            "timestamp": "2026-04-16 20:08:49,321",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3594
          },
          {
            "timestamp": "2026-04-16 20:08:49,321",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3595
          },
          {
            "timestamp": "2026-04-16 20:08:49,837",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3596
          },
          {
            "timestamp": "2026-04-16 20:08:49,837",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3597
          },
          {
            "timestamp": "2026-04-16 20:08:50,212",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x155a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3598
          },
          {
            "timestamp": "2026-04-16 20:08:50,212",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000590",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1424"
              }
            ],
            "repeated": 0,
            "id": 3599
          },
          {
            "timestamp": "2026-04-16 20:08:50,212",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1424"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3600
          },
          {
            "timestamp": "2026-04-16 20:08:50,212",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1424"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3601
          },
          {
            "timestamp": "2026-04-16 20:08:50,212",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3602
          },
          {
            "timestamp": "2026-04-16 20:08:50,212",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1424"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 3603
          },
          {
            "timestamp": "2026-04-16 20:08:50,212",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 4,
            "id": 3604
          },
          {
            "timestamp": "2026-04-16 20:08:50,352",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3605
          },
          {
            "timestamp": "2026-04-16 20:08:50,352",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3606
          },
          {
            "timestamp": "2026-04-16 20:08:50,368",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3607
          },
          {
            "timestamp": "2026-04-16 20:08:50,868",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3608
          },
          {
            "timestamp": "2026-04-16 20:08:50,868",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3609
          },
          {
            "timestamp": "2026-04-16 20:08:50,868",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 16,
            "id": 3610
          },
          {
            "timestamp": "2026-04-16 20:08:51,384",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3611
          },
          {
            "timestamp": "2026-04-16 20:08:51,384",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3612
          },
          {
            "timestamp": "2026-04-16 20:08:51,399",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 16,
            "id": 3613
          },
          {
            "timestamp": "2026-04-16 20:08:51,899",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3614
          },
          {
            "timestamp": "2026-04-16 20:08:51,899",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3615
          },
          {
            "timestamp": "2026-04-16 20:08:51,931",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 10,
            "id": 3616
          },
          {
            "timestamp": "2026-04-16 20:08:52,259",
            "thread_id": "1580",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1424"
              }
            ],
            "repeated": 0,
            "id": 3617
          },
          {
            "timestamp": "2026-04-16 20:08:52,274",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3618
          },
          {
            "timestamp": "2026-04-16 20:08:52,415",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3619
          },
          {
            "timestamp": "2026-04-16 20:08:52,415",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3620
          },
          {
            "timestamp": "2026-04-16 20:08:52,931",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3621
          },
          {
            "timestamp": "2026-04-16 20:08:52,931",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3622
          },
          {
            "timestamp": "2026-04-16 20:08:53,446",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3623
          },
          {
            "timestamp": "2026-04-16 20:08:53,446",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3624
          },
          {
            "timestamp": "2026-04-16 20:08:53,962",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3625
          },
          {
            "timestamp": "2026-04-16 20:08:53,962",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3626
          },
          {
            "timestamp": "2026-04-16 20:08:54,477",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3627
          },
          {
            "timestamp": "2026-04-16 20:08:54,477",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3628
          },
          {
            "timestamp": "2026-04-16 20:08:54,993",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3629
          },
          {
            "timestamp": "2026-04-16 20:08:54,993",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3630
          },
          {
            "timestamp": "2026-04-16 20:08:55,087",
            "thread_id": "1128",
            "caller": "0x7ffeaaa04a01",
            "parentcaller": "0x7ffeaaa049bd",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "16"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1128"
              }
            ],
            "repeated": 0,
            "id": 3631
          },
          {
            "timestamp": "2026-04-16 20:08:55,087",
            "thread_id": "1128",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefccdea1e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe4a0000"
              }
            ],
            "repeated": 0,
            "id": 3632
          },
          {
            "timestamp": "2026-04-16 20:08:55,087",
            "thread_id": "1128",
            "caller": "0x7ffefe8a466e",
            "parentcaller": "0x7ffefe3f703d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1128"
              }
            ],
            "repeated": 0,
            "id": 3633
          },
          {
            "timestamp": "2026-04-16 20:08:55,087",
            "thread_id": "1128",
            "caller": "0x7ffefb66e309",
            "parentcaller": "0x7ffefb671c15",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 3634
          },
          {
            "timestamp": "2026-04-16 20:08:55,087",
            "thread_id": "1128",
            "caller": "0x7ffefe8a468e",
            "parentcaller": "0x7ffefe3f703d",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3635
          },
          {
            "timestamp": "2026-04-16 20:08:55,509",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3636
          },
          {
            "timestamp": "2026-04-16 20:08:55,509",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3637
          },
          {
            "timestamp": "2026-04-16 20:08:56,024",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3638
          },
          {
            "timestamp": "2026-04-16 20:08:56,024",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3639
          },
          {
            "timestamp": "2026-04-16 20:08:56,290",
            "thread_id": "160",
            "caller": "0x7ffe4b19957d",
            "parentcaller": "0x7ffe4b1993b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x155c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3640
          },
          {
            "timestamp": "2026-04-16 20:08:56,290",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac080",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000590",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1424"
              }
            ],
            "repeated": 0,
            "id": 3641
          },
          {
            "timestamp": "2026-04-16 20:08:56,290",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac0ba",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1424"
              },
              {
                "name": "level",
                "value": "0x7ffe0000ffff"
              },
              {
                "name": "optname",
                "value": "0x7ffe00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3642
          },
          {
            "timestamp": "2026-04-16 20:08:56,290",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1424"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3643
          },
          {
            "timestamp": "2026-04-16 20:08:56,290",
            "thread_id": "160",
            "caller": "0x7ffe4b1ac15a",
            "parentcaller": "0x7ffe4b199418",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000590"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10w\\xf1\\xaa\\xfe\\x7f\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3644
          },
          {
            "timestamp": "2026-04-16 20:08:56,290",
            "thread_id": "160",
            "caller": "0x7ffe4b1ae05a",
            "parentcaller": "0x7ffe4b1ac15a",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1424"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "127.0.0.1"
              },
              {
                "name": "port",
                "value": "9033"
              }
            ],
            "repeated": 0,
            "id": 3645
          },
          {
            "timestamp": "2026-04-16 20:08:56,290",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 7,
            "id": 3646
          },
          {
            "timestamp": "2026-04-16 20:08:56,540",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3647
          },
          {
            "timestamp": "2026-04-16 20:08:56,540",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3648
          },
          {
            "timestamp": "2026-04-16 20:08:56,540",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 16,
            "id": 3649
          },
          {
            "timestamp": "2026-04-16 20:08:57,056",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3650
          },
          {
            "timestamp": "2026-04-16 20:08:57,056",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3651
          },
          {
            "timestamp": "2026-04-16 20:08:57,071",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 16,
            "id": 3652
          },
          {
            "timestamp": "2026-04-16 20:08:57,571",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3653
          },
          {
            "timestamp": "2026-04-16 20:08:57,571",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3654
          },
          {
            "timestamp": "2026-04-16 20:08:57,602",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 15,
            "id": 3655
          },
          {
            "timestamp": "2026-04-16 20:08:58,087",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3656
          },
          {
            "timestamp": "2026-04-16 20:08:58,087",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3657
          },
          {
            "timestamp": "2026-04-16 20:08:58,102",
            "thread_id": "160",
            "caller": "0x7ffe4b1adf5c",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 7,
            "id": 3658
          },
          {
            "timestamp": "2026-04-16 20:08:58,321",
            "thread_id": "1580",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000005a0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42790"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "1988"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 3659
          },
          {
            "timestamp": "2026-04-16 20:08:58,321",
            "thread_id": "1580",
            "caller": "0x7ffefc5e55ef",
            "parentcaller": "0x7ffefe3fb5dd",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000005a0",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42790"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "1988"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 3660
          },
          {
            "timestamp": "2026-04-16 20:08:58,321",
            "thread_id": "1580",
            "caller": "0x7ffefc627bc0",
            "parentcaller": "0x7ffeaaca89a2",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000005a0"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "1988"
              },
              {
                "name": "ProcessId",
                "value": "4156"
              }
            ],
            "repeated": 0,
            "id": 3661
          },
          {
            "timestamp": "2026-04-16 20:08:58,321",
            "thread_id": "1580",
            "caller": "0x7ffe4b1ae78d",
            "parentcaller": "0x7ffe4b1ae4a4",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1424"
              }
            ],
            "repeated": 0,
            "id": 3662
          },
          {
            "timestamp": "2026-04-16 20:08:58,321",
            "thread_id": "1988",
            "caller": "0x7ffefc5e2dca",
            "parentcaller": "0x7ffefc5e2d56",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ffefe3e0000"
              }
            ],
            "repeated": 0,
            "id": 3663
          },
          {
            "timestamp": "2026-04-16 20:08:58,321",
            "thread_id": "1988",
            "caller": "0x7ffefe8c4fed",
            "parentcaller": "0x7ffefe8c4bb3",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3664
          },
          {
            "timestamp": "2026-04-16 20:08:58,321",
            "thread_id": "1988",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ffeaa860e74"
              },
              {
                "name": "Parameter",
                "value": "0x00c42790"
              }
            ],
            "repeated": 0,
            "id": 3665
          },
          {
            "timestamp": "2026-04-16 20:08:58,321",
            "thread_id": "1988",
            "caller": "0x7ffeaacb620d",
            "parentcaller": "0x7ffeaa87894f",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "16384"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3666
          },
          {
            "timestamp": "2026-04-16 20:08:58,321",
            "thread_id": "1988",
            "caller": "0x7ffefc611998",
            "parentcaller": "0x7ffeaa878a03",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e641000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f7000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3667
          },
          {
            "timestamp": "2026-04-16 20:08:58,352",
            "thread_id": "160",
            "caller": "0x7ffe4b1af620",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3668
          },
          {
            "timestamp": "2026-04-16 20:08:58,602",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3669
          },
          {
            "timestamp": "2026-04-16 20:08:58,602",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3670
          },
          {
            "timestamp": "2026-04-16 20:08:58,712",
            "thread_id": "4392",
            "caller": "0x7ffefe8a466e",
            "parentcaller": "0x7ffefe8a3738",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4392"
              }
            ],
            "repeated": 0,
            "id": 3671
          },
          {
            "timestamp": "2026-04-16 20:08:58,712",
            "thread_id": "7340",
            "caller": "0x7ffefe8a466e",
            "parentcaller": "0x7ffefe8a3738",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7340"
              }
            ],
            "repeated": 0,
            "id": 3672
          },
          {
            "timestamp": "2026-04-16 20:08:58,712",
            "thread_id": "7340",
            "caller": "0x7ffefe8aeaa2",
            "parentcaller": "0x7ffefe8674ed",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 3673
          },
          {
            "timestamp": "2026-04-16 20:08:58,712",
            "thread_id": "4392",
            "caller": "0x7ffefe8a468e",
            "parentcaller": "0x7ffefe8a3738",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3674
          },
          {
            "timestamp": "2026-04-16 20:08:58,712",
            "thread_id": "7340",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffefe5ef332",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 3675
          },
          {
            "timestamp": "2026-04-16 20:08:58,712",
            "thread_id": "7340",
            "caller": "0x7ffefc5da405",
            "parentcaller": "0x7ffefe5ef3f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 3676
          },
          {
            "timestamp": "2026-04-16 20:08:58,712",
            "thread_id": "7340",
            "caller": "0x7ffefe8a468e",
            "parentcaller": "0x7ffefe8a3738",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3677
          },
          {
            "timestamp": "2026-04-16 20:08:59,118",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3678
          },
          {
            "timestamp": "2026-04-16 20:08:59,118",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3679
          },
          {
            "timestamp": "2026-04-16 20:08:59,634",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3680
          },
          {
            "timestamp": "2026-04-16 20:08:59,634",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3681
          },
          {
            "timestamp": "2026-04-16 20:09:00,149",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3682
          },
          {
            "timestamp": "2026-04-16 20:09:00,149",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3683
          },
          {
            "timestamp": "2026-04-16 20:09:00,665",
            "thread_id": "7696",
            "caller": "0x7ffeaa995b44",
            "parentcaller": "0x7ffeaa96d7ae",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3684
          },
          {
            "timestamp": "2026-04-16 20:09:00,665",
            "thread_id": "7696",
            "caller": "0x7ffefc5f96de",
            "parentcaller": "0x7ffeaac9d9dd",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3685
          }
        ],
        "threads": [
          "812",
          "4500",
          "1060",
          "4564",
          "7644",
          "4600",
          "1216",
          "3140",
          "4860",
          "3776",
          "7968",
          "160",
          "7696",
          "1124",
          "1048",
          "7372",
          "7340",
          "4392",
          "1656",
          "4316",
          "3664",
          "1128",
          "1580",
          "1988"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe\" ",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x00680000",
          "MainExeSize": "0x00026000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      }
    ],
    "anomaly": [],
    "processtree": [
      {
        "name": "client.bin.exe",
        "pid": 4156,
        "parent_id": 3592,
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe",
        "children": [],
        "threads": [
          "812",
          "4500",
          "1060",
          "4564",
          "7644",
          "4600",
          "1216",
          "3140",
          "4860",
          "3776",
          "7968",
          "160",
          "7696",
          "1124",
          "1048",
          "7372",
          "7340",
          "4392",
          "1656",
          "4316",
          "3664",
          "1128",
          "1580",
          "1988"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe\" ",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x00680000",
          "MainExeSize": "0x00026000",
          "Bitness": "64-bit"
        }
      }
    ],
    "summary": {
      "files": [
        "C:\\Windows\\System32\\MSCOREE.DLL.local",
        "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll",
        "C:\\Windows\\Microsoft.NET\\Framework64\\*",
        "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\clr.dll",
        "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll",
        "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe.config",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe",
        "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319",
        "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config",
        "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\fusion.localgac",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\CLR_v2.0\\UsageLogs\\client.bin.exe.log",
        "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config",
        "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch",
        "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config",
        "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch",
        "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\indexc.dat",
        "C:\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.INI",
        "C:\\Users",
        "C:\\Users\\cape",
        "C:\\Users\\cape\\AppData",
        "C:\\Users\\cape\\AppData\\Local",
        "C:\\Users\\cape\\AppData\\Local\\Temp",
        "\\Device\\CNG",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.config",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.INI",
        "C:\\Windows\\System32\\l_intl.nls",
        "C:\\Windows\\assembly\\pubpol5.dat",
        "C:\\Windows\\assembly\\GAC\\PublisherPolicy.tme",
        "C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.INI",
        "C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.INI",
        "C:\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.INI",
        "C:\\Windows\\assembly\\GAC_64\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a",
        "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a",
        "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll",
        "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.INI",
        "C:\\Windows\\Globalization\\ru-ru.nlp",
        "C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll",
        "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6",
        "C:\\Users\\cape\\AppData\\Roaming",
        "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6\\run.dat",
        "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6\\Exceptions\\0.0.0.0",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe:Zone.Identifier",
        "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6\\catalog.dat",
        "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6\\storage.dat",
        "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll",
        "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.INI",
        "C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.INI",
        "C:\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp",
        "C:\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp",
        "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\tzres.dll.mui",
        "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui",
        "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\KERNELBASE.dll.mui",
        "C:\\Windows\\System32\\ru-RU\\KERNELBASE.dll.mui",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ClientPlugin.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ClientPlugin\\ClientPlugin.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ClientPlugin.exe",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ClientPlugin\\ClientPlugin.exe",
        "C:\\Windows\\Globalization\\en-us.nlp",
        "C:\\Windows\\assembly\\GAC_64\\mscorlib.resources\\2.0.0.0_ru-RU_b77a5c561934e089",
        "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru-RU_b77a5c561934e089",
        "C:\\Windows\\assembly\\GAC\\mscorlib.resources\\2.0.0.0_ru-RU_b77a5c561934e089",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\mscorlib.resources.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\mscorlib.resources\\mscorlib.resources.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\mscorlib.resources.exe",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\mscorlib.resources\\mscorlib.resources.exe",
        "C:\\Windows\\Globalization\\ru.nlp",
        "C:\\Windows\\assembly\\GAC_64\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089",
        "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089",
        "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll",
        "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.INI"
      ],
      "read_files": [],
      "write_files": [
        "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6\\run.dat"
      ],
      "delete_files": [
        "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe:Zone.Identifier"
      ],
      "keys": [
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\v4.0",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\OnlyUseLatestCLR",
        "Policy\\Standards",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\Standards",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\standards\\v2.0.50727",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NoClientChecks",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\DisableConfigCache",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\AppPatch",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\AppPatch\\v4.0.30319.00000",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\AppPatch\\v4.0.30319.00000\\mscorwks.dll",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\client.bin.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Fusion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\VersioningLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\NGen\\Policy\\v2.0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\NGen\\Policy\\v2.0\\OptimizeUsedBinaries",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\Internet",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\LocalIntranet",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\v2.0.50727\\Security\\Policy",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\LatestIndex",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\indexc",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\indexc\\NIUsageMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\indexc\\ILUsageMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\LastModTime",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\GACChangeNotification\\Default",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\mscorlib,2.0.0.0,,b77a5c561934e089,AMD64",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
        "HKEY_CURRENT_USER",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\5aa75839\\10fdf3",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\StrongName",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Windows.Forms__b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Drawing__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System__b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System,2.0.0.0,,b77a5c561934e089,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Xml__b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Configuration__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Deployment__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.Accessibility__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Security__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\APTCA",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c22df2f\\4f99a7c9",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\DbgJITDebugLaunchSetting",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\DbgManagedDebugger",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\159a66b8\\424bd4d8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Data.SqlXml__b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Library",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\IsMultiInstance",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\First Counter",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\CategoryOptions",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\FileMappingSize",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Counter Names",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\4ecde57e\\31d9ddbb",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|client.bin.exe",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|client.bin.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|client.bin.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\Global",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\Global",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.mscorlib.resources_ru-RU_b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\5e8c75c\\de7da15",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.mscorlib.resources_ru_b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\5e8c75c\\2f231edf"
      ],
      "read_keys": [
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\OnlyUseLatestCLR",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NoClientChecks",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\DisableConfigCache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\VersioningLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\NGen\\Policy\\v2.0\\OptimizeUsedBinaries",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\LatestIndex",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\indexc\\NIUsageMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\indexc\\ILUsageMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\mscorlib,2.0.0.0,,b77a5c561934e089,AMD64",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System,2.0.0.0,,b77a5c561934e089,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\DbgJITDebugLaunchSetting",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\DbgManagedDebugger",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Library",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\IsMultiInstance",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\First Counter",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\CategoryOptions",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\FileMappingSize",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Counter Names",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
      ],
      "write_keys": [],
      "delete_keys": [],
      "executed_commands": [],
      "resolved_apis": [],
      "mutexes": [
        "Global\\CLR_CASOFF_MUTEX",
        "Local\\SM0:4156:304:WilStaging_02",
        "Global\\{00000000-0000-0000-0000-000000000000}",
        "Global\\.net clr networking"
      ],
      "created_services": [],
      "started_services": []
    },
    "enhanced": [
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:40,040",
        "eid": 1,
        "data": {
          "file": "ADVAPI32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefd720000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:40,040",
        "eid": 2,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:40,056",
        "eid": 3,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:40,056",
        "eid": 4,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot",
          "content": "C:\\Windows\\Microsoft.NET\\Framework64\\"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:40,056",
        "eid": 5,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:40,056",
        "eid": 6,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot",
          "content": "C:\\Windows\\Microsoft.NET\\Framework64\\"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:40,056",
        "eid": 7,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:40,056",
        "eid": 8,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot",
          "content": "C:\\Windows\\Microsoft.NET\\Framework64\\"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:40,196",
        "eid": 9,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x7ffefc5b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:40,196",
        "eid": 10,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x7ffefc5b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:40,196",
        "eid": 11,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x7ffefc5b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:40,196",
        "eid": 12,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x7ffefc5b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:40,196",
        "eid": 13,
        "data": {
          "file": "api-ms-win-core-localization-l1-2-1",
          "pathtofile": null,
          "moduleaddress": "0x7ffefc5b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:40,196",
        "eid": 14,
        "data": {
          "file": "ADVAPI32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefd720000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:40,196",
        "eid": 15,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffeef080000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:40,196",
        "eid": 16,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:40,196",
        "eid": 17,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:40,196",
        "eid": 18,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot",
          "content": "C:\\Windows\\Microsoft.NET\\Framework64\\"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:40,212",
        "eid": 19,
        "data": {
          "file": "SHLWAPI.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefc9f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:40,212",
        "eid": 20,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:40,227",
        "eid": 21,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:40,227",
        "eid": 22,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\OnlyUseLatestCLR",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:40,384",
        "eid": 23,
        "data": {
          "file": "api-ms-win-appmodel-runtime-l1-1-2.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffef9e80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:40,384",
        "eid": 24,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:40,384",
        "eid": 25,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NoClientChecks",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:40,384",
        "eid": 26,
        "data": {
          "file": "VERSION.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffef5730000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:40,384",
        "eid": 27,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:43,337",
        "eid": 28,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffeaa720000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:43,337",
        "eid": 29,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:43,337",
        "eid": 30,
        "data": {
          "file": "USER32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefd9e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:43,337",
        "eid": 31,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:44,368",
        "eid": 32,
        "data": {
          "file": "mscorwks.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:45,321",
        "eid": 33,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\DisableConfigCache",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:45,681",
        "eid": 34,
        "data": {
          "file": "advapi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:46,540",
        "eid": 35,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffeef230000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:46,540",
        "eid": 36,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:46,931",
        "eid": 37,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:47,024",
        "eid": 38,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-16 20:05:51,821",
        "eid": 39,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-16 20:05:52,165",
        "eid": 40,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:52,259",
        "eid": 41,
        "data": {
          "file": "ntdll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefe850000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:52,259",
        "eid": 42,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:52,274",
        "eid": 43,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:52,321",
        "eid": 44,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:52,321",
        "eid": 45,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:52,337",
        "eid": 46,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:52,337",
        "eid": 47,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:52,337",
        "eid": 48,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:52,337",
        "eid": 49,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:52,337",
        "eid": 50,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:52,337",
        "eid": 51,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\VersioningLog",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:52,337",
        "eid": 52,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:52,337",
        "eid": 53,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:52,337",
        "eid": 54,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:52,337",
        "eid": 55,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NoClientChecks",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:52,337",
        "eid": 56,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:52,571",
        "eid": 57,
        "data": {
          "file": "advapi32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:52,571",
        "eid": 58,
        "data": {
          "file": "advapi32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:52,665",
        "eid": 59,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:52,727",
        "eid": 60,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\NGen\\Policy\\v2.0\\OptimizeUsedBinaries",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:52,743",
        "eid": 61,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:52,946",
        "eid": 62,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,118",
        "eid": 63,
        "data": {
          "file": "advapi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefd720000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,118",
        "eid": 64,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,306",
        "eid": 65,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefdbe0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,306",
        "eid": 66,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,446",
        "eid": 67,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefe3e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,540",
        "eid": 68,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,556",
        "eid": 69,
        "data": {
          "file": "Kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,556",
        "eid": 70,
        "data": {
          "file": "Kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,571",
        "eid": 71,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,618",
        "eid": 72,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\LatestIndex",
          "content": "12"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,618",
        "eid": 73,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\LatestIndex",
          "content": "12"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 74,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\indexc\\NIUsageMask",
          "content": "\\xff\\xe1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 75,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\indexc\\ILUsageMask",
          "content": "\\xff\\xff\\xff\\xf1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 76,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\DisplayName",
          "content": "mscorlib,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 77,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\ConfigMask",
          "content": "4361"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 78,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\ConfigString",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 79,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\MVID",
          "content": "\\xc3\\x8er,\\xd7\\xd5\\xb0\\xe8\\x93&\\xeeM\\xd7\\xec\\xcc\\x9f"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 80,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\EvalationData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 81,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\Status",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 82,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\ILDependencies",
          "content": "\\xc5\\xe2Py\\x11\\x96\\x15@\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 83,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\NIDependencies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 84,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\1\\MissingDependencies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 85,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\DisplayName",
          "content": "mscorlib,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 86,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\Status",
          "content": "16390"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 87,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\Modules",
          "content": "sortkey.nlp|sorttbls.nlp|big5.nlp|bopomofo.nlp|ksc.nlp|prc.nlp|prcp.nlp|xjis.nlp|normidna.nlp|normnfc.nlp|normnfd.nlp|normnfkc.nlp|normnfkd.nlp"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 88,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\SIG",
          "content": ")\\xe4\\x94\\xdcy\\xcd\\x12A\\xb2\t/]\\xdaW\\x95`\\xfe\\x18KOEToK~\\xf9R\\xf3\\xdb+.\\x1d\\xd3nQc"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 89,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\40159611\\1\\LastModTime",
          "content": "3\\xf5\\xd6\\xf6\\x06\\xac\\xdc\\x01"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 90,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\GACChangeNotification\\Default"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:53,634",
        "eid": 91,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\mscorlib,2.0.0.0,,b77a5c561934e089,AMD64",
          "content": "3\\xf5\\xd6\\xf6\\x06\\xac\\xdc\\x01"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,743",
        "eid": 92,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\c38e722cd7d5b0e89326ee4dd7eccc9f\\mscorlib.ni.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffea9620000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,743",
        "eid": 93,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,743",
        "eid": 94,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,884",
        "eid": 95,
        "data": {
          "file": "MSCORWKS.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,884",
        "eid": 96,
        "data": {
          "file": "mscorjit.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,977",
        "eid": 97,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,977",
        "eid": 98,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,977",
        "eid": 99,
        "data": {
          "file": "ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefd110000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,977",
        "eid": 100,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:53,977",
        "eid": 101,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,024",
        "eid": 102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,024",
        "eid": 103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,024",
        "eid": 104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,024",
        "eid": 105,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,056",
        "eid": 106,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffef9980000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,056",
        "eid": 107,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,071",
        "eid": 108,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,071",
        "eid": 109,
        "data": {
          "file": "ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefd110000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,071",
        "eid": 110,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,399",
        "eid": 111,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\LatestIndex",
          "content": "12"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,415",
        "eid": 112,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefe3e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,415",
        "eid": 113,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,571",
        "eid": 114,
        "data": {
          "file": "AdvApi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefd720000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,571",
        "eid": 115,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,571",
        "eid": 116,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffeef230000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,571",
        "eid": 117,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,571",
        "eid": 118,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest",
          "content": "5"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,571",
        "eid": 119,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index5",
          "content": "\\x1f"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,571",
        "eid": 120,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp",
          "content": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-16 20:05:54,571",
        "eid": 121,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 122,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 123,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\DisplayName",
          "content": "System.Windows.Forms,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 124,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\ConfigMask",
          "content": "4361"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 125,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\ConfigString",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 126,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\MVID",
          "content": "\\xf5j\\x08\\xa5\\xbd\\xfd\\x91\\xd71n~:\\x8ebV7"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 127,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\EvalationData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 128,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\Status",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 129,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\ILDependencies",
          "content": "@\\xce]G\\xb6\\xf9\\x10\\x19\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00W\\x8d\\xab\\x19t&\\xa3.\\x07\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xac\\xd6-\\xb7\\xf8\\xf1%\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\xd4KB\\xd5\\x04\\xc5\\x0c\\x06\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00~L\\xc0AT\\xf5Wz\\x1d\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc5Y\\xed<\\x00\\xa2\\x0bb\\x0e\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00d\\x10\\x99\\x0cX\\xb0\\xeb\\x7f\\x1e\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 130,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\NIDependencies",
          "content": "\\xc68\\x19\\x18\\xc5\\xe2Py\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O|\\xbc0O\\xfeP?\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x06\\xca<\\xc0\\xd4\\xc7m\\x0f\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 131,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\e\\MissingDependencies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 132,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\DisplayName",
          "content": "System.Security,2.0.0.0,,b03f5f7f11d50a3a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 133,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 134,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 135,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\SIG",
          "content": "\\x08\\x03VdL\\xe0}B\\xb3\\x80\\x140i\\xbf^\\xfcT0=\\xdb\\xb5\\x9b\\x9b[1\\xba\\xbe\\xf8I\\x1e\n\\x06G\\xa7\\xbf "
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 136,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\1910f9b6\\2\\LastModTime",
          "content": "\\xa3k\\xc9@\\x07\\xac\\xdc\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 137,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\DisplayName",
          "content": "System.Xml,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 138,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 139,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 140,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\SIG",
          "content": "\\xb2\\x1aNYhyhC\\xa1\\xe5\\x96\\xe9\\x9a\\xf9@\\xad\\x19-\\x99{\\x90v\\xc4\\xa3+&d\\x93s{\\x8e\\xce\\x92\\x18\\xc5\\xc6"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 141,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\2ea32674\\7\\LastModTime",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 142,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\DisplayName",
          "content": "Accessibility,2.0.0.0,,b03f5f7f11d50a3a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 143,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 144,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 145,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\SIG",
          "content": "z\\xb1\\xaa^\\x82\\x82\\x9bJ\\x84\\x94\\xe5%\\x92\\xf5P\r\\xd2\\xaf\\x11Z\\xf2&\\x19R\\x02V\\x821_\\\\xabW\\xeb\\xe8\\xb4\\xef"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 146,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\25f1f8b7\\3\\LastModTime",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 147,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\DisplayName",
          "content": "System.Configuration,2.0.0.0,,b03f5f7f11d50a3a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 148,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 149,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 150,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\SIG",
          "content": ";\\xf2\\x93\\x1d\\xca\\xffYI\\xab\\xdc&X\\x07\\xe4$-!M\\xd0D\\x87\\xd2\\xcbu\\xd7)\\x06\\xd2\\xf2\\x1b\\x07\n{\\xefi\\xab"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 151,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\cc504d5\\6\\LastModTime",
          "content": "Zk\\xb2'\\x07\\xac\\xdc\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 152,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\DisplayName",
          "content": "System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 153,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 154,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 155,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\SIG",
          "content": "P\\xd0O\\xcbR]\\x90@\\x85\\x86M\\x87\\x82\r\\xa8\\xdd~\\x17\\xf4\\xe2\\x84\\xca\\x8c\\xfd-\\xacs\\xce\\xf7 \\xc3/\\xb3\\xcft\\xbf"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 156,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7a57f554\\1d\\LastModTime",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 157,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\DisplayName",
          "content": "System.Deployment,2.0.0.0,,b03f5f7f11d50a3a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 158,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 159,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 160,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\SIG",
          "content": "\\xe1\\x8a\\xf5\\x0e\\xe2q\\x8bN\\x97\nB#\\x17\\x8a\\xe6\\xf3\\xe4i\\x1a\\xeeJVa\\\\xcb\\x0ff)\\x08UQ\\x86\\x80E\\x08\\x1a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 161,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\620ba200\\e\\LastModTime",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\DisplayName",
          "content": "System.Windows.Forms,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 165,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\SIG",
          "content": "\\x84\\xda\\xb9\\xe2\\xe1\\5I\\x8c\\xe5a\\xb1\\xb8\\x91\\xd5\\xf7\\xeeKz\\x06#R\\x17\\xc9\\xbf0\\xed\\xbb\\x91p\\x9a#Zk@\\xd5"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,587",
        "eid": 166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\7febb058\\1e\\LastModTime",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 167,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\DisplayName",
          "content": "System,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\ConfigMask",
          "content": "4361"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\ConfigString",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\MVID",
          "content": "IjE\\xa0aK7\\xe8\\xf0&\r?*\\xda\\xbcR"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 171,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\EvalationData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\Status",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\ILDependencies",
          "content": "\\xd8\\xd4KB\\xd5\\x04\\xc5\\x0c\\x06\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00W\\x8d\\xab\\x19t&\\xa3.\\x07\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O\\xfeP?\\xe6\\xad\\xb2G\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 174,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\NIDependencies",
          "content": "\\xc68\\x19\\x18\\xc5\\xe2Py\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\8\\MissingDependencies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 176,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\DisplayName",
          "content": "System,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 177,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 178,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 179,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\SIG",
          "content": "\\xd40\\\\x82\\xcf\\xa4LF\\xb7\\xeb\\xb8\\x14XT\\xd1\\xf81\\x82\\x8d\\xfa\\x12E\\x8d}\\x7f\\x90'\\xf5\\xa5\\x82\\xdb\\x0c\\x14c\\x12\\x1a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 180,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\47b2ade6\\8\\LastModTime",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 181,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\DisplayName",
          "content": "System.Drawing,2.0.0.0,,b03f5f7f11d50a3a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 182,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\ConfigMask",
          "content": "4361"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 183,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\ConfigString",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 184,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\MVID",
          "content": "q\\x98\\x85\\x1e\\xdeF\\xae\\x046)\\xa6\\x10\\x91B/d"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 185,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\EvalationData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 186,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\Status",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\ILDependencies",
          "content": "\\xc0\\xd4\\xc7m\\x16\\x96\\x94$\\x10\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 188,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\NIDependencies",
          "content": "\\xc68\\x19\\x18\\xc5\\xe2Py\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O|\\xbc0O\\xfeP?\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\f\\MissingDependencies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\DisplayName",
          "content": "System.Drawing,2.0.0.0,,b03f5f7f11d50a3a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\SIG",
          "content": "\\x7fX\\xbb\\xfa\\x0e\\xf2\\xcbD\\x91\\xf4^\\x19\\xf6\r\r\\x0c\\xab\\x0eq\\xfcgB\\x12\\xe3\\xe8\\xe5\\x99Q\\x80\\xb8\\x0bu\\xdc\\x16\\x14?"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\24949616\\10\\LastModTime",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 195,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 196,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 197,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System,2.0.0.0,,b77a5c561934e089,MSIL",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 198,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,602",
        "eid": 199,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
          "content": "Zk\\xb2'\\x07\\xac\\xdc\\x01"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,696",
        "eid": 200,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\496a45a0614b37e8f0260d3f2adabc52\\System.ni.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffea8be0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,712",
        "eid": 201,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,774",
        "eid": 202,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Drawing\\7198851ede46ae043629a61091422f64\\System.Drawing.ni.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffea89a0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,774",
        "eid": 203,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,806",
        "eid": 204,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,806",
        "eid": 205,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,806",
        "eid": 206,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:05:54,806",
        "eid": 207,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
          "content": "\\xa3k\\xc9@\\x07\\xac\\xdc\\x01"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,821",
        "eid": 208,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Windows.Forms\\f56a08a5bdfd91d7316e7e3a8e625637\\System.Windows.Forms.ni.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffea7900000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,821",
        "eid": 209,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,837",
        "eid": 210,
        "data": {
          "file": "MSCORWKS.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,837",
        "eid": 211,
        "data": {
          "file": "mscorjit.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,852",
        "eid": 212,
        "data": {
          "file": "MSCORWKS.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,852",
        "eid": 213,
        "data": {
          "file": "mscorjit.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,915",
        "eid": 214,
        "data": {
          "file": "MSCORWKS.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:54,915",
        "eid": 215,
        "data": {
          "file": "mscorjit.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:55,743",
        "eid": 216,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffeac470000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:55,743",
        "eid": 217,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:55,743",
        "eid": 218,
        "data": {
          "file": "mscorwks.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:55,743",
        "eid": 219,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffeef230000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:55,743",
        "eid": 220,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:57,290",
        "eid": 221,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll",
          "pathtofile": null,
          "moduleaddress": "0x04e00000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:57,290",
        "eid": 222,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:59,415",
        "eid": 223,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\VERSION.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:59,415",
        "eid": 224,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:59,415",
        "eid": 225,
        "data": {
          "file": "VERSION.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffef5730000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:59,415",
        "eid": 226,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:59,634",
        "eid": 227,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:59,759",
        "eid": 228,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefe850000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:59,759",
        "eid": 229,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:59,884",
        "eid": 230,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefd9e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:05:59,884",
        "eid": 231,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:00,399",
        "eid": 232,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:00,509",
        "eid": 233,
        "data": {
          "file": "ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefd110000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:00,509",
        "eid": 234,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:00,509",
        "eid": 235,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefd7d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:00,509",
        "eid": 236,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:00,509",
        "eid": 237,
        "data": {
          "file": "advapi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefd720000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:00,509",
        "eid": 238,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:00,509",
        "eid": 239,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\DbgJITDebugLaunchSetting",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:00,524",
        "eid": 240,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\DbgManagedDebugger",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:00,540",
        "eid": 241,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:00,540",
        "eid": 242,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:00,540",
        "eid": 243,
        "data": {
          "file": "uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffef9980000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:00,540",
        "eid": 244,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:00,727",
        "eid": 245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:00,868",
        "eid": 246,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:01,009",
        "eid": 247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:01,243",
        "eid": 248,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:01,587",
        "eid": 249,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffeef230000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:01,587",
        "eid": 250,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:01,587",
        "eid": 251,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Gdiplus.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:01,587",
        "eid": 252,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:01,587",
        "eid": 253,
        "data": {
          "file": "gdiplus.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffed40d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:01,587",
        "eid": 254,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:01,618",
        "eid": 255,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:01,618",
        "eid": 256,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:01,618",
        "eid": 257,
        "data": {
          "file": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_919e9136cc8d4791\\GdiPlus.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffed40d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:01,649",
        "eid": 258,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:01,649",
        "eid": 259,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:04,868",
        "eid": 260,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:04,868",
        "eid": 261,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
          "content": "57c9f549-7b50-4c23-b307-58bab726d1b6"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:04,884",
        "eid": 262,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:04,884",
        "eid": 263,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA",
          "content": "0"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:05,040",
        "eid": 264,
        "data": {
          "file": "shfolder.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffef08f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:05,040",
        "eid": 265,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-04-16 20:06:05,056",
        "eid": 266,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-04-16 20:06:05,181",
        "eid": 267,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6\\run.dat"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-04-16 20:06:06,931",
        "eid": 268,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe:Zone.Identifier"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:08,274",
        "eid": 269,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:08,274",
        "eid": 270,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefe850000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:08,274",
        "eid": 271,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:08,274",
        "eid": 272,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:08,290",
        "eid": 273,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:13,665",
        "eid": 274,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:13,665",
        "eid": 275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType",
          "content": "Client"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:15,540",
        "eid": 276,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\ws2_32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:15,540",
        "eid": 277,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:15,540",
        "eid": 278,
        "data": {
          "file": "ws2_32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefd6b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:15,540",
        "eid": 279,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:15,806",
        "eid": 280,
        "data": {
          "file": "C:\\Windows\\System32\\mswsock.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefb660000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:19,915",
        "eid": 281,
        "data": {
          "file": "C:\\Windows\\System32\\mswsock.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefb660000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:22,181",
        "eid": 282,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll",
          "pathtofile": null,
          "moduleaddress": "0x1dca0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:22,181",
        "eid": 283,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:28,243",
        "eid": 284,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\DisplayName",
          "content": "System.Xml,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:28,243",
        "eid": 285,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\ConfigMask",
          "content": "4361"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:28,243",
        "eid": 286,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\ConfigString",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:28,243",
        "eid": 287,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\MVID",
          "content": "\\x8cQv\\xbaQ.\\x86OzM\\xec;\\x9e\\x05.b"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:28,243",
        "eid": 288,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\EvalationData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:28,243",
        "eid": 289,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\Status",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:28,243",
        "eid": 290,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\ILDependencies",
          "content": "\\xd8\\xd4KB\\xd5\\x04\\xc5\\x0c\\x06\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xee\\x8fcu';Y\\x11\\x05\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00W\\x8d\\xab\\x19t&\\xa3.\\x07\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:28,243",
        "eid": 291,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\NIDependencies",
          "content": "\\xc68\\x19\\x18\\xc5\\xe2Py\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O|\\xbc0O\\xfeP?\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:28,243",
        "eid": 292,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\6faf58\\19ab8d57\\7\\MissingDependencies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:28,243",
        "eid": 293,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\DisplayName",
          "content": "System.Data.SqlXml,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:28,243",
        "eid": 294,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:28,243",
        "eid": 295,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:28,243",
        "eid": 296,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\SIG",
          "content": "9S\\x1e/K\\x98DN\\xa1\\xa3^\\xba\\xd8\\xae\\xa3M\\x85\\x11\\x9b\\x17\\x815z^\\x15:\\xb8\\xb7\\x13\\x01\\xd4)\\xebl\\xb1\\x90"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:28,243",
        "eid": 297,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\75638fee\\11593b27\\5\\LastModTime",
          "content": "\\x00\\xe8\\xdd\\xc5;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:28,243",
        "eid": 298,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL",
          "content": "\\x00\\xe8\\xdd\\xc5;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:29,712",
        "eid": 299,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\8c5176ba512e864f7a4dec3b9e052e62\\System.Xml.ni.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffea5e60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:29,712",
        "eid": 300,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:29,977",
        "eid": 301,
        "data": {
          "file": "MSCORWKS.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:29,977",
        "eid": 302,
        "data": {
          "file": "mscorjit.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-16 20:06:38,524",
        "eid": 303,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-16 20:06:38,618",
        "eid": 304,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-16 20:06:38,618",
        "eid": 305,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-16 20:06:38,618",
        "eid": 306,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:38,759",
        "eid": 307,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffefafe0000"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-16 20:06:39,571",
        "eid": 308,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-16 20:06:40,649",
        "eid": 309,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-16 20:06:40,759",
        "eid": 310,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-16 20:06:40,946",
        "eid": 311,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:44,634",
        "eid": 312,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Library",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:44,634",
        "eid": 313,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Library",
          "content": "%systemroot%\\system32\\netfxperf.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:44,634",
        "eid": 314,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\IsMultiInstance",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:44,634",
        "eid": 315,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\IsMultiInstance",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:44,634",
        "eid": 316,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\First Counter",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:44,634",
        "eid": 317,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\First Counter",
          "content": "6828"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:44,696",
        "eid": 318,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\CategoryOptions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:44,696",
        "eid": 319,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\CategoryOptions",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:44,696",
        "eid": 320,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\FileMappingSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:44,696",
        "eid": 321,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\FileMappingSize",
          "content": "131072"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:44,696",
        "eid": 322,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Counter Names",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:44,696",
        "eid": 323,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Counter Names",
          "content": "C\\x00o\\x00n\\x00n\\x00e\\x00c\\x00t\\x00i\\x00o\\x00n\\x00s\\x00 \\x00E\\x00s\\x00t\\x00a\\x00b\\x00l\\x00i\\x00s\\x00h\\x00e\\x00d\\x00\\x00\\x00B\\x00y\\x00t\\x00e\\x00s\\x00 \\x00R\\x00e\\x00c\\x00e\\x00i\\x00v\\x00e\\x00d\\x00\\x00\\x00B\\x00y\\x00t\\x00e\\x00s\\x00 \\x00S\\x00e\\x00n\\x00t\\x00\\x00\\x00D\\x00a\\x00t\\x00a\\x00g\\x00r\\x00a\\x00m\\x00s\\x00 \\x00R\\x00e\\x00c\\x00e\\x00i\\x00v\\x00e\\x00d\\x00\\x00\\x00D\\x00a\\x00t\\x00a\\x00g\\x00r\\x00a\\x00m\\x00s\\x00 \\x00S\\x00e\\x00n\\x00t\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:44,806",
        "eid": 324,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:44,806",
        "eid": 325,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:44,806",
        "eid": 326,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:44,821",
        "eid": 327,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:44,821",
        "eid": 328,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:46,977",
        "eid": 329,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:47,259",
        "eid": 330,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:47,259",
        "eid": 331,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:49,852",
        "eid": 332,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-16 20:06:50,056",
        "eid": 333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:50,134",
        "eid": 334,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffef04d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:50,134",
        "eid": 335,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:50,165",
        "eid": 336,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:50,196",
        "eid": 337,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:50,477",
        "eid": 338,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll",
          "pathtofile": null,
          "moduleaddress": "0x00e70000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:50,477",
        "eid": 339,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:50,556",
        "eid": 340,
        "data": {
          "file": "C:\\Windows\\System32\\mscoree.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffeef230000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:50,806",
        "eid": 341,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\diasymreader.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffed5620000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:06:50,852",
        "eid": 342,
        "data": {
          "file": "C:\\Windows\\System32\\mscoree.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ffeef230000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:07:04,868",
        "eid": 343,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:07:09,056",
        "eid": 344,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:07:14,696",
        "eid": 345,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:07:14,759",
        "eid": 346,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:07:24,056",
        "eid": 347,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:07:27,243",
        "eid": 348,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:07:42,259",
        "eid": 349,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:07:45,431",
        "eid": 350,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:08:00,431",
        "eid": 351,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:08:03,696",
        "eid": 352,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:08:18,712",
        "eid": 353,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:08:21,868",
        "eid": 354,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:08:36,868",
        "eid": 355,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:08:40,087",
        "eid": 356,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:08:55,087",
        "eid": 357,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-16 20:08:58,321",
        "eid": 358,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      }
    ],
    "encryptedbuffers": [],
    "network_map": {
      "endpoint_map": {},
      "http_host_map": {},
      "dns_intents": {},
      "http_requests": [],
      "winhttp_sessions": []
    }
  },
  "debug": {
    "log": "2026-03-05 20:34:40,460 [root] INFO: Date set to: 20260416T23:04:38, timeout set to: 200\n2026-04-16 23:04:38,227 [root] DEBUG: Starting analyzer from: C:\\tvrblpce\n2026-04-16 23:04:38,243 [root] DEBUG: Storing results at: C:\\ZPIRIzm\n2026-04-16 23:04:38,243 [root] DEBUG: Pipe server name: \\\\.\\PIPE\\bxTsxoc\n2026-04-16 23:04:38,243 [root] DEBUG: Python path: C:\\Python310\n2026-04-16 23:04:38,243 [root] INFO: analysis running as an admin\n2026-04-16 23:04:38,243 [root] INFO: analysis package specified: \"exe\"\n2026-04-16 23:04:38,243 [root] DEBUG: importing analysis package module: \"modules.packages.exe\"...\n2026-04-16 23:04:38,258 [root] DEBUG: imported analysis package \"exe\"\n2026-04-16 23:04:38,258 [root] DEBUG: initializing analysis package \"exe\"...\n2026-04-16 23:04:38,258 [lib.common.common] INFO: wrapping\n2026-04-16 23:04:38,258 [lib.core.compound] INFO: C:\\Users\\cape\\AppData\\Local\\Temp already exists, skipping creation\n2026-04-16 23:04:38,258 [root] DEBUG: New location of moved file: C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin\n2026-04-16 23:04:38,258 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option\n2026-04-16 23:04:38,258 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option\n2026-04-16 23:04:38,258 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option\n2026-04-16 23:04:38,258 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option\n2026-04-16 23:04:38,524 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.browser\"\n2026-04-16 23:04:39,024 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.digisig\"\n2026-04-16 23:04:39,055 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.disguise\"\n2026-04-16 23:04:39,086 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.human\"\n2026-04-16 23:04:39,633 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'\n2026-04-16 
23:04:39,883 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'\n2026-04-16 23:04:39,961 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'\n2026-04-16 23:05:22,211 [lib.api.screenshot] INFO: Please upgrade Pillow to >= 5.4.1 for best performance\n2026-04-16 23:05:22,227 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.screenshots\"\n2026-04-16 23:05:22,227 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.tlsdump\"\n2026-04-16 23:05:22,227 [root] DEBUG: Initialized auxiliary module \"Browser\"\n2026-04-16 23:05:22,227 [root] DEBUG: attempting to configure 'Browser' from data\n2026-04-16 23:05:22,227 [root] DEBUG: module Browser does not support data configuration, ignoring\n2026-04-16 23:05:22,227 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.browser\"...\n2026-04-16 23:05:22,227 [root] DEBUG: Started auxiliary module modules.auxiliary.browser\n2026-04-16 23:05:22,243 [root] DEBUG: Initialized auxiliary module \"DigiSig\"\n2026-04-16 23:05:22,243 [root] DEBUG: attempting to configure 'DigiSig' from data\n2026-04-16 23:05:22,243 [root] DEBUG: module DigiSig does not support data configuration, ignoring\n2026-04-16 23:05:22,243 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.digisig\"...\n2026-04-16 23:05:22,243 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature\n2026-04-16 23:05:23,336 [modules.auxiliary.digisig] DEBUG: File is not signed\n2026-04-16 23:05:23,352 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json\n2026-04-16 23:05:23,352 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig\n2026-04-16 23:05:23,352 [root] DEBUG: Initialized auxiliary module \"Disguise\"\n2026-04-16 23:05:23,352 [root] DEBUG: attempting to configure 'Disguise' from data\n2026-04-16 23:05:23,352 [root] DEBUG: module Disguise does not support data configuration, ignoring\n2026-04-16 23:05:23,352 [root] DEBUG: Trying to start auxiliary module 
\"modules.auxiliary.disguise\"...\n2026-04-16 23:05:23,446 [modules.auxiliary.disguise] INFO: Disguising GUID to 57c9f549-7b50-4c23-b307-58bab726d1b6\n2026-04-16 23:05:23,446 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise\n2026-04-16 23:05:23,446 [root] DEBUG: Initialized auxiliary module \"Human\"\n2026-04-16 23:05:23,446 [root] DEBUG: attempting to configure 'Human' from data\n2026-04-16 23:05:23,446 [root] DEBUG: module Human does not support data configuration, ignoring\n2026-04-16 23:05:23,446 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.human\"...\n2026-04-16 23:05:23,461 [root] DEBUG: Started auxiliary module modules.auxiliary.human\n2026-04-16 23:05:23,461 [root] DEBUG: Initialized auxiliary module \"Screenshots\"\n2026-04-16 23:05:23,461 [root] DEBUG: attempting to configure 'Screenshots' from data\n2026-04-16 23:05:23,461 [root] DEBUG: module Screenshots does not support data configuration, ignoring\n2026-04-16 23:05:23,461 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.screenshots\"...\n2026-04-16 23:05:23,477 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots\n2026-04-16 23:05:23,477 [root] DEBUG: Initialized auxiliary module \"TLSDumpMasterSecrets\"\n2026-04-16 23:05:23,477 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data\n2026-04-16 23:05:23,477 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring\n2026-04-16 23:05:23,493 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.tlsdump\"...\n2026-04-16 23:05:23,493 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 644\n2026-04-16 23:05:23,743 [lib.api.process] INFO: Monitor config for <Process 644 lsass.exe>: C:\\tvrblpce\\dll\\644.ini\n2026-04-16 23:05:23,993 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor\n2026-04-16 23:05:24,040 [lib.api.process] INFO: 64-bit DLL to inject is C:\\tvrblpce\\dll\\JGibZgc.dll, loader 
C:\\tvrblpce\\bin\\xdAAYFAf.exe\n2026-04-16 23:05:24,305 [root] DEBUG: Loader: Injecting process 644 with C:\\tvrblpce\\dll\\JGibZgc.dll.\n2026-04-16 23:05:25,118 [root] DEBUG: 644: Python path set to 'C:\\Python310'.\n2026-04-16 23:05:25,164 [root] DEBUG: 644: Disabling sleep skipping.\n2026-04-16 23:05:25,164 [root] DEBUG: 644: TLS secret dump mode enabled.\n2026-04-16 23:05:25,508 [root] DEBUG: 644: RtlInsertInvertedFunctionTable 0x00007FFEFE86090E, LdrpInvertedFunctionTableSRWLock 0x00007FFEFE9BD500\n2026-04-16 23:05:25,508 [root] DEBUG: 644: Monitor initialised: 64-bit capemon loaded in process 644 at 0x00007FFEABE30000, thread 6004, image base 0x00007FF7C23E0000, stack from 0x0000008E4CB71000-0x0000008E4CB80000\n2026-04-16 23:05:25,508 [root] DEBUG: 644: Commandline: C:\\Windows\\system32\\lsass.exe\n2026-04-16 23:05:25,539 [root] DEBUG: 644: Hooked 5 out of 5 functions\n2026-04-16 23:05:25,555 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-04-16 23:05:25,555 [root] DEBUG: Successfully injected DLL C:\\tvrblpce\\dll\\JGibZgc.dll.\n2026-04-16 23:05:25,555 [lib.api.process] INFO: Injected into 64-bit <Process 644 lsass.exe>\n2026-04-16 23:05:25,555 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump\n2026-04-16 23:05:26,571 [root] DEBUG: 644: TLS 1.2 secrets logged to: C:\\ZPIRIzm\\tlsdump\\tlsdump.log\n2026-04-16 23:05:36,899 [root] INFO: Restarting WMI Service\n2026-04-16 23:05:36,961 [root] DEBUG: package modules.packages.exe does not support configure, ignoring\n2026-04-16 23:05:36,961 [root] WARNING: configuration error for package modules.packages.exe: error importing data.packages.exe: No module named 'data.packages'\n2026-04-16 23:05:36,961 [lib.common.common] INFO: Submitted file is missing extension, adding .exe\n2026-04-16 23:05:36,977 [lib.core.compound] INFO: C:\\Users\\cape\\AppData\\Local\\Temp already exists, skipping creation\n2026-04-16 23:05:37,102 [lib.api.process] INFO: 
Successfully executed process from path \"C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe\" with arguments \"\" with pid 4156\n2026-04-16 23:05:37,118 [lib.api.process] INFO: Monitor config for <Process 4156 client.bin.exe>: C:\\tvrblpce\\dll\\4156.ini\n2026-04-16 23:05:37,118 [lib.api.process] INFO: 64-bit DLL to inject is C:\\tvrblpce\\dll\\JGibZgc.dll, loader C:\\tvrblpce\\bin\\xdAAYFAf.exe\n2026-04-16 23:05:37,133 [root] DEBUG: Loader: Injecting process 4156 (thread 812) with C:\\tvrblpce\\dll\\JGibZgc.dll.\n2026-04-16 23:05:37,149 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.\n2026-04-16 23:05:37,149 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.\n2026-04-16 23:05:37,149 [root] DEBUG: Successfully injected DLL C:\\tvrblpce\\dll\\JGibZgc.dll.\n2026-04-16 23:05:37,149 [lib.api.process] INFO: Injected into 64-bit <Process 4156 client.bin.exe>\n2026-04-16 23:05:39,180 [lib.api.process] INFO: Successfully resumed <Process 4156 client.bin.exe>\n2026-04-16 23:05:39,289 [root] DEBUG: 4156: Python path set to 'C:\\Python310'.\n2026-04-16 23:05:39,368 [root] DEBUG: 4156: Disabling sleep skipping.\n2026-04-16 23:05:39,368 [root] DEBUG: 4156: Dropped file limit defaulting to 100.\n2026-04-16 23:05:39,414 [root] DEBUG: 4156: YaraInit: Compiled 44 rule files\n2026-04-16 23:05:39,414 [root] DEBUG: 4156: YaraInit: Compiled rules saved to file C:\\tvrblpce\\data\\yara\\capemon.yac\n2026-04-16 23:05:39,461 [root] DEBUG: 4156: RtlInsertInvertedFunctionTable 0x00007FFEFE86090E, LdrpInvertedFunctionTableSRWLock 0x00007FFEFE9BD500\n2026-04-16 23:05:39,461 [root] DEBUG: 4156: YaraScan: Scanning 0x0000000000680000, size 0x200\n2026-04-16 23:05:39,461 [root] DEBUG: 4156: Monitor initialised: 64-bit capemon loaded in process 4156 at 0x00007FFEABE30000, thread 812, image base 0x0000000000680000, stack from 0x00000000007E1000-0x00000000007F0000\n2026-04-16 23:05:39,461 [root] DEBUG: 4156: Commandline: 
\"C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe\"\n2026-04-16 23:05:39,493 [root] DEBUG: 4156: hook_api: LdrpCallInitRoutine export address 0x00007FFEFE8699BC obtained via GetFunctionAddress\n2026-04-16 23:05:39,571 [root] WARNING: b'Unable to place hook on LockResource'\n2026-04-16 23:05:39,571 [root] DEBUG: 4156: set_hooks: Unable to hook LockResource\n2026-04-16 23:05:39,727 [root] DEBUG: 4156: Hooked 627 out of 628 functions\n2026-04-16 23:05:39,836 [root] DEBUG: 4156: Syscall hook installed, syscall logging level 1\n2026-04-16 23:05:39,868 [root] INFO: Loaded monitor into process with pid 4156\n2026-04-16 23:05:40,055 [root] DEBUG: 4156: DLL loaded at 0x00007FFEEF080000: C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei (0xaa000 bytes).\n2026-04-16 23:05:40,368 [root] DEBUG: 4156: set_hooks_by_export_directory: Hooked 0 out of 628 functions\n2026-04-16 23:05:40,383 [root] DEBUG: 4156: DLL loaded at 0x00007FFEF9E80000: C:\\Windows\\SYSTEM32\\kernel.appcore (0x12000 bytes).\n2026-04-16 23:05:40,383 [root] DEBUG: 4156: DLL loaded at 0x00007FFEF5730000: C:\\Windows\\SYSTEM32\\VERSION (0xa000 bytes).\n2026-04-16 23:05:40,743 [root] DEBUG: 4156: DLL loaded at 0x00000000575F0000: C:\\Windows\\WinSxS\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_88e266cb2fac7c0d\\MSVCR80 (0xc9000 bytes).\n2026-04-16 23:05:40,774 [root] DEBUG: 4156: set_hooks_by_export_directory: Hooked 0 out of 628 functions\n2026-04-16 23:05:40,774 [root] DEBUG: 4156: DLL loaded at 0x00007FFEAA720000: C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks (0xa37000 bytes).\n2026-04-16 23:05:53,164 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFDBE0000: C:\\Windows\\System32\\shell32 (0x743000 bytes).\n2026-04-16 23:05:53,305 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFB900000: C:\\Windows\\SYSTEM32\\Wldp (0x30000 bytes).\n2026-04-16 23:05:53,321 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFA080000: C:\\Windows\\SYSTEM32\\windows.storage (0x795000 
bytes).\n2026-04-16 23:05:53,414 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFE330000: C:\\Windows\\System32\\SHCORE (0xad000 bytes).\n2026-04-16 23:05:53,446 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFBEB0000: C:\\Windows\\SYSTEM32\\profapi (0x1f000 bytes).\n2026-04-16 23:05:53,727 [root] DEBUG: 4156: DLL loaded at 0x00007FFEA9620000: C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\c38e722cd7d5b0e89326ee4dd7eccc9f\\mscorlib.ni (0xee4000 bytes).\n2026-04-16 23:05:53,914 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B052000, size: 0x1000.\n2026-04-16 23:05:53,930 [root] DEBUG: 4156: GetEntropy: Error - Supplied address inaccessible: 0x00007FFE4B050000\n2026-04-16 23:05:53,930 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed.\n2026-04-16 23:05:54,024 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFC380000: C:\\Windows\\System32\\bcryptPrimitives (0x82000 bytes).\n2026-04-16 23:05:54,039 [root] DEBUG: 4156: DLL loaded at 0x00007FFEF9980000: C:\\Windows\\system32\\uxtheme (0x9e000 bytes).\n2026-04-16 23:05:54,071 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FF40DEF0000, size: 0x90000.\n2026-04-16 23:05:54,086 [root] DEBUG: 4156: GetEntropy: Error - Supplied address inaccessible: 0x00007FF40DEF0000\n2026-04-16 23:05:54,086 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed.\n2026-04-16 23:05:54,086 [root] DEBUG: 4156: AllocationHandler: Processing previous tracked region at: 0x00007FFE4B050000.\n2026-04-16 23:05:54,086 [root] DEBUG: 4156: ReverseScanForNonZero: Error - Supplied size zero.\n2026-04-16 23:05:54,102 [root] DEBUG: 4156: GetPageAddress: Error - Supplied address zero.\n2026-04-16 23:05:54,118 [root] DEBUG: 4156: AllocationHandler: Memory region (size 0x90000) reserved but not committed at 0x00007FF40DEF0000.\n2026-04-16 23:05:54,118 [root] DEBUG: 4156: AllocationHandler: Previously reserved region at 0x00007FF40DEF0000, committing at: 
0x00007FF40DEF0000.\n2026-04-16 23:05:54,133 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FF40DEF0000.\n2026-04-16 23:05:54,133 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FF40DEE0000, size: 0x10000.\n2026-04-16 23:05:54,149 [root] DEBUG: 4156: GetEntropy: Error - Supplied address inaccessible: 0x00007FF40DEE0000\n2026-04-16 23:05:54,164 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed.\n2026-04-16 23:05:54,164 [root] DEBUG: 4156: AllocationHandler: Processing previous tracked region at: 0x00007FF40DEF0000.\n2026-04-16 23:05:54,164 [root] DEBUG: 4156: DumpPEsInRange: Scanning range 0x00007FF40DEF0000 - 0x00007FF40DEF0046.\n2026-04-16 23:05:54,180 [root] DEBUG: 4156: ScanForDisguisedPE: Size too small: 0x46 bytes\n2026-04-16 23:05:54,196 [lib.common.results] INFO: Uploading file C:\\ZPIRIzm\\CAPE\\4156_16075805452016442026 to CAPE\\3b58e32c41dcc6be123c5c0b7921a0aceae65c94c5654d25d3e15268dbd480e9; Size is 70; Max size: 100000000\n2026-04-16 23:05:54,211 [root] DEBUG: 4156: DumpMemory: Payload successfully created: C:\\ZPIRIzm\\CAPE\\4156_16075805452016442026 (size 70 bytes)\n2026-04-16 23:05:54,227 [root] DEBUG: 4156: DumpRegion: Dumped entire allocation from 0x00007FF40DEF0000, size 4096 bytes.\n2026-04-16 23:05:54,227 [root] DEBUG: 4156: ProcessTrackedRegion: Dumped region at 0x00007FF40DEF0000.\n2026-04-16 23:05:54,227 [root] DEBUG: 4156: YaraScan: Scanning 0x00007FF40DEF0000, size 0x46\n2026-04-16 23:05:54,246 [root] DEBUG: 4156: AllocationHandler: Memory region (size 0x10000) reserved but not committed at 0x00007FF40DEE0000.\n2026-04-16 23:05:54,246 [root] DEBUG: 4156: AllocationHandler: Previously reserved region at 0x00007FF40DEE0000, committing at: 0x00007FF40DEE0000.\n2026-04-16 23:05:54,246 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B10A000, size: 0x1000.\n2026-04-16 23:05:54,289 [root] DEBUG: 4156: 
AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B042000, size: 0x1000.\n2026-04-16 23:05:54,289 [root] DEBUG: 4156: GetEntropy: Error - Supplied address inaccessible: 0x00007FFE4B040000\n2026-04-16 23:05:54,305 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed.\n2026-04-16 23:05:54,399 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000.\n2026-04-16 23:05:54,414 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B11A000, size: 0x1000.\n2026-04-16 23:05:54,430 [root] DEBUG: 4156: GetEntropy: Error - Supplied address inaccessible: 0x00007FFE4B110000\n2026-04-16 23:05:54,430 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed.\n2026-04-16 23:05:54,524 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B110000.\n2026-04-16 23:05:54,539 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B110000.\n2026-04-16 23:05:54,696 [root] DEBUG: 4156: DLL loaded at 0x00007FFEA8BE0000: C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\496a45a0614b37e8f0260d3f2adabc52\\System.ni (0xa36000 bytes).\n2026-04-16 23:05:54,758 [root] DEBUG: 4156: DLL loaded at 0x00007FFEA89A0000: C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Drawing\\7198851ede46ae043629a61091422f64\\System.Drawing.ni (0x239000 bytes).\n2026-04-16 23:05:54,821 [root] DEBUG: 4156: DLL loaded at 0x00007FFEA7900000: C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Windows.Forms\\f56a08a5bdfd91d7316e7e3a8e625637\\System.Windows.Forms.ni (0x1099000 bytes).\n2026-04-16 23:05:54,914 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000.\n2026-04-16 23:05:54,946 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000.\n2026-04-16 23:05:55,211 [root] DEBUG: 4156: AllocationHandler: Allocation already in 
tracked region list: 0x00007FFE4B050000.\n2026-04-16 23:05:55,227 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000.\n2026-04-16 23:05:55,508 [root] DEBUG: 4156: DLL loaded at 0x00007FFEAC470000: C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit (0x183000 bytes).\n2026-04-16 23:05:55,899 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B190000, size: 0x1000.\n2026-04-16 23:05:55,977 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed.\n2026-04-16 23:05:56,149 [root] DEBUG: 4156: DumpPEsInRange: Scanning range 0x00007FFE4B190000 - 0x00007FFE4B19014D.\n2026-04-16 23:05:56,180 [root] DEBUG: 4156: ScanForDisguisedPE: Size too small: 0x14d bytes\n2026-04-16 23:05:56,180 [lib.common.results] INFO: Uploading file C:\\ZPIRIzm\\CAPE\\4156_31253405652016442026 to CAPE\\99b3e78e7a66a3d3a215c643e1ea1be08b03a9ffeaa6492d882c6521e7882a5f; Size is 333; Max size: 100000000\n2026-04-16 23:05:56,196 [root] DEBUG: 4156: DumpMemory: Payload successfully created: C:\\ZPIRIzm\\CAPE\\4156_31253405652016442026 (size 333 bytes)\n2026-04-16 23:05:56,211 [root] DEBUG: 4156: DumpRegion: Dumped entire allocation from 0x00007FFE4B190000, size 4096 bytes.\n2026-04-16 23:05:56,211 [root] DEBUG: 4156: ProcessTrackedRegion: Dumped region at 0x00007FFE4B190000.\n2026-04-16 23:05:56,211 [root] DEBUG: 4156: YaraScan: Scanning 0x00007FFE4B190000, size 0x14d\n2026-04-16 23:05:57,118 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000.\n2026-04-16 23:05:57,446 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000.\n2026-04-16 23:05:59,524 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B1F0000, size: 0x1000.\n2026-04-16 23:05:59,524 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed.\n2026-04-16 23:05:59,587 [root] DEBUG: 4156: AllocationHandler: 
Allocation already in tracked region list: 0x00007FFE4B100000.\n2026-04-16 23:05:59,618 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B040000.\n2026-04-16 23:05:59,758 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000.\n2026-04-16 23:05:59,899 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B06F000, size: 0x1000.\n2026-04-16 23:05:59,899 [root] DEBUG: 4156: GetEntropy: Error - Supplied address inaccessible: 0x00007FFE4B060000\n2026-04-16 23:05:59,899 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed.\n2026-04-16 23:06:00,008 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B060000.\n2026-04-16 23:06:00,024 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B060000.\n2026-04-16 23:06:00,227 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000.\n2026-04-16 23:06:00,321 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B200000, size: 0x1000.\n2026-04-16 23:06:00,321 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed.\n2026-04-16 23:06:00,383 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B200000.\n2026-04-16 23:06:00,508 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B040000.\n2026-04-16 23:06:00,524 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B200000.\n2026-04-16 23:06:00,743 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B200000.\n2026-04-16 23:06:00,852 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFE6C0000: C:\\Windows\\System32\\MSCTF (0x115000 bytes).\n2026-04-16 23:06:01,008 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 
0x0000000002852000, size: 0x2000.\n2026-04-16 23:06:01,024 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00000000040C0000, size: 0xd000.\n2026-04-16 23:06:01,024 [root] DEBUG: 4156: GetEntropy: Error - Supplied address inaccessible: 0x00000000040C0000\n2026-04-16 23:06:01,024 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed.\n2026-04-16 23:06:01,024 [root] DEBUG: 4156: AllocationHandler: Processing previous tracked region at: 0x0000000002850000.\n2026-04-16 23:06:01,024 [root] DEBUG: 4156: DumpPEsInRange: Scanning range 0x0000000002850000 - 0x0000000002853FFA.\n2026-04-16 23:06:01,040 [root] DEBUG: 4156: ScanForDisguisedPE: No PE image located in range 0x0000000002850000-0x0000000002853FFA.\n2026-04-16 23:06:01,196 [lib.common.results] INFO: Uploading file C:\\ZPIRIzm\\CAPE\\4156_134640162016442026 to CAPE\\5b41846fe61a7f7bcacf175fb8841f9f6aa7dc514706d30f45f5bce2578f7ed7; Size is 16378; Max size: 100000000\n2026-04-16 23:06:01,212 [root] DEBUG: 4156: DumpMemory: Payload successfully created: C:\\ZPIRIzm\\CAPE\\4156_134640162016442026 (size 16378 bytes)\n2026-04-16 23:06:01,212 [root] DEBUG: 4156: DumpRegion: Dumped entire allocation from 0x0000000002850000, size 16384 bytes.\n2026-04-16 23:06:01,212 [root] DEBUG: 4156: ProcessTrackedRegion: Dumped region at 0x0000000002850000.\n2026-04-16 23:06:01,212 [root] DEBUG: 4156: YaraScan: Scanning 0x0000000002850000, size 0x3ffa\n2026-04-16 23:06:01,227 [root] DEBUG: 4156: AllocationHandler: Memory region (size 0xd000) reserved but not committed at 0x00000000040C0000.\n2026-04-16 23:06:01,227 [root] DEBUG: 4156: AllocationHandler: Previously reserved region at 0x00000000040C0000, committing at: 0x00000000040C0000.\n2026-04-16 23:06:01,243 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B200000.\n2026-04-16 23:06:01,586 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B210000, size: 
0x1000.\n2026-04-16 23:06:01,586 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed.\n2026-04-16 23:06:01,586 [root] DEBUG: 4156: DLL loaded at 0x00007FFED40D0000: C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_919e9136cc8d4791\\gdiplus (0x1a5000 bytes).\n2026-04-16 23:06:01,649 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B200000.\n2026-04-16 23:06:01,696 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B200000.\n2026-04-16 23:06:01,759 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B200000.\n2026-04-16 23:06:01,805 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000.\n2026-04-16 23:06:01,805 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000.\n2026-04-16 23:06:01,821 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000.\n2026-04-16 23:06:02,118 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000.\n2026-04-16 23:06:02,384 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:02,493 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000.\n2026-04-16 23:06:02,930 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x0000000002850000.\n2026-04-16 23:06:03,212 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x0000000002850000.\n2026-04-16 23:06:03,352 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x0000000002850000.\n2026-04-16 23:06:03,415 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x0000000002850000.\n2026-04-16 23:06:03,431 [root] DEBUG: 4156: 
AllocationHandler: Allocation already in tracked region list: 0x0000000002850000.\n2026-04-16 23:06:03,431 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x0000000002850000.\n2026-04-16 23:06:03,525 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:04,071 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x000000001E140000, size: 0x100000.\n2026-04-16 23:06:04,087 [root] DEBUG: 4156: GetEntropy: Error - Supplied address inaccessible: 0x000000001E140000\n2026-04-16 23:06:04,087 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed.\n2026-04-16 23:06:04,087 [root] DEBUG: 4156: AllocationHandler: Processing previous tracked region at: 0x00007FFE4B210000.\n2026-04-16 23:06:04,102 [root] DEBUG: 4156: DumpPEsInRange: Scanning range 0x00007FFE4B210000 - 0x00007FFE4B210208.\n2026-04-16 23:06:04,102 [root] DEBUG: 4156: ScanForDisguisedPE: Size too small: 0x208 bytes\n2026-04-16 23:06:04,181 [lib.common.results] INFO: Uploading file C:\\ZPIRIzm\\CAPE\\4156_1028262462016442026 to CAPE\\65aa04b90a5b71c3806a1f1b566f76a55789463379c782d4f2ae49bb19d1ec9d; Size is 520; Max size: 100000000\n2026-04-16 23:06:04,196 [root] DEBUG: 4156: DumpMemory: Payload successfully created: C:\\ZPIRIzm\\CAPE\\4156_1028262462016442026 (size 520 bytes)\n2026-04-16 23:06:04,196 [root] DEBUG: 4156: DumpRegion: Dumped entire allocation from 0x00007FFE4B210000, size 4096 bytes.\n2026-04-16 23:06:04,196 [root] DEBUG: 4156: ProcessTrackedRegion: Dumped region at 0x00007FFE4B210000.\n2026-04-16 23:06:04,212 [root] DEBUG: 4156: YaraScan: Scanning 0x00007FFE4B210000, size 0x208\n2026-04-16 23:06:04,212 [root] DEBUG: 4156: AllocationHandler: Memory region (size 0x100000) reserved but not committed at 0x000000001E140000.\n2026-04-16 23:06:04,212 [root] DEBUG: 4156: AllocationHandler: Previously reserved region at 0x000000001E140000, committing at: 
0x000000001E140000.\n2026-04-16 23:06:04,305 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000.\n2026-04-16 23:06:04,305 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:04,743 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000.\n2026-04-16 23:06:04,774 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:05,040 [root] DEBUG: 4156: DLL loaded at 0x00007FFEF08F0000: C:\\Windows\\SYSTEM32\\shfolder (0x7000 bytes).\n2026-04-16 23:06:05,055 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:05,180 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B210000.\n2026-04-16 23:06:05,196 [root] INFO: Added new file to list with pid 4156 and path C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6\\run.dat\n2026-04-16 23:06:05,305 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B100000.\n2026-04-16 23:06:05,321 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B100000.\n2026-04-16 23:06:05,665 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:09,368 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:09,664 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:09,664 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000.\n2026-04-16 23:06:10,368 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:15,696 [root] 
DEBUG: 4156: DLL loaded at 0x00007FFEFB660000: C:\\Windows\\system32\\mswsock (0x6a000 bytes).\n2026-04-16 23:06:21,946 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000.\n2026-04-16 23:06:24,290 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000.\n2026-04-16 23:06:24,712 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000.\n2026-04-16 23:06:24,712 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000.\n2026-04-16 23:06:25,415 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000.\n2026-04-16 23:06:25,774 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000.\n2026-04-16 23:06:25,790 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B230000, size: 0x1000.\n2026-04-16 23:06:25,790 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed.\n2026-04-16 23:06:26,055 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:26,071 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000.\n2026-04-16 23:06:26,321 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000.\n2026-04-16 23:06:26,336 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B230000.\n2026-04-16 23:06:26,336 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000.\n2026-04-16 23:06:27,258 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:27,290 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000.\n2026-04-16 23:06:28,040 [root] 
DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:28,055 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B040000.\n2026-04-16 23:06:28,055 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:28,227 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B250000, size: 0x1000.\n2026-04-16 23:06:28,227 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed.\n2026-04-16 23:06:29,712 [root] DEBUG: 4156: DLL loaded at 0x00007FFEA5E60000: C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\8c5176ba512e864f7a4dec3b9e052e62\\System.Xml.ni (0x6ab000 bytes).\n2026-04-16 23:06:33,042 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B250000.\n2026-04-16 23:06:33,933 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:33,948 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:34,721 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B230000.\n2026-04-16 23:06:38,760 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFB850000: C:\\Windows\\SYSTEM32\\CRYPTSP (0x18000 bytes).\n2026-04-16 23:06:38,760 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFAFE0000: C:\\Windows\\system32\\rsaenh (0x34000 bytes).\n2026-04-16 23:06:40,020 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:40,183 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:40,756 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:40,756 [root] DEBUG: 4156: AllocationHandler: Allocation 
already in tracked region list: 0x00007FFE4B250000.\n2026-04-16 23:06:40,772 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:40,809 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:40,910 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:41,089 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:41,547 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:41,984 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B250000.\n2026-04-16 23:06:42,000 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B230000.\n2026-04-16 23:06:42,782 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B250000.\n2026-04-16 23:06:42,782 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:43,047 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B250000.\n2026-04-16 23:06:43,078 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:43,156 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B250000.\n2026-04-16 23:06:43,172 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:43,172 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B060000.\n2026-04-16 23:06:43,359 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:44,188 [root] DEBUG: 
4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:45,578 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B230000.\n2026-04-16 23:06:45,594 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B250000.\n2026-04-16 23:06:45,766 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:46,234 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B200000.\n2026-04-16 23:06:47,797 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:06:49,844 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B250000.\n2026-04-16 23:06:50,125 [root] DEBUG: 4156: DLL loaded at 0x00007FFEF04D0000: C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\culture (0xa000 bytes).\n2026-04-16 23:06:50,453 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B100000.\n2026-04-16 23:06:50,594 [root] DEBUG: 4156: DLL loaded at 0x00007FFED5620000: C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\diasymreader (0xc6000 bytes).\n2026-04-16 23:06:50,875 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000.\n2026-04-16 23:08:59,688 [root] INFO: Analysis timeout hit, terminating analysis\n2026-04-16 23:08:59,688 [lib.api.process] INFO: Terminate event set for <Process 4156 client.bin.exe>\n2026-04-16 23:08:59,688 [root] DEBUG: 4156: Terminate Event: Attempting to dump process 4156\n2026-04-16 23:08:59,688 [root] DEBUG: 4156: VerifyCodeSection: SizeOfRawData zero.\n2026-04-16 23:08:59,703 [root] DEBUG: 4156: DoProcessDump: Code modification detected, dumping Imagebase at 0x0000000000680000.\n2026-04-16 23:08:59,703 [root] DEBUG: 4156: DumpImageInCurrentProcess: Attempting to 
dump virtual PE image.\n2026-04-16 23:08:59,703 [root] DEBUG: 4156: DumpProcess: Instantiating PeParser with address: 0x0000000000680000.\n2026-04-16 23:08:59,719 [root] DEBUG: 4156: DumpProcess: Module entry point VA is 0x000000000069E792.\n2026-04-16 23:08:59,719 [root] DEBUG: 4156: PeParser: readPeSectionsFromProcess: readSectionFromProcess failed address 0x0000000000682000, section 1\n2026-04-16 23:08:59,719 [root] DEBUG: 4156: PeParser: readPeSectionsFromProcess: readSectionFromProcess failed address 0x00000000006A0000, section 2\n2026-04-16 23:08:59,719 [root] DEBUG: 4156: reBasePEImage: Exception rebasing image from 0x0000000000680000 to 0x0000000000400000.\n2026-04-16 23:08:59,735 [root] DEBUG: 4156: readPeSectionsFromProcess: Failed to relocate image back to header image base 0x0000000000400000.\n2026-04-16 23:09:00,375 [lib.common.results] INFO: Uploading file C:\\ZPIRIzm\\CAPE\\4156_15375092016442026 to procdump\\99965b28430cda4b41bd51229c63525f57ed47035053fb8842a7ebb78bfa02c1; Size is 16384; Max size: 100000000\n2026-04-16 23:09:00,391 [root] DEBUG: 4156: DumpProcess: Module image dump success - dump size 0x4000.\n2026-04-16 23:09:00,406 [root] DEBUG: 4156: DumpPEsInRange: Scanning range 0x00007FFE4B250000 - 0x00007FFE4B2598A6.\n2026-04-16 23:09:00,406 [root] DEBUG: 4156: ScanForDisguisedPE: No PE image located in range 0x00007FFE4B250000-0x00007FFE4B2598A6.\n2026-04-16 23:09:00,734 [lib.common.results] INFO: Uploading file C:\\ZPIRIzm\\CAPE\\4156_7793074092016442026 to CAPE\\327c9f19cf38c1d2fab9c18d31cdb19c7f3aa32cb9fc1152bf3028085894e47a; Size is 39078; Max size: 100000000\n2026-04-16 23:09:00,750 [root] DEBUG: 4156: DumpMemory: Payload successfully created: C:\\ZPIRIzm\\CAPE\\4156_7793074092016442026 (size 39078 bytes)\n2026-04-16 23:09:00,750 [root] DEBUG: 4156: DumpRegion: Dumped entire allocation from 0x00007FFE4B250000, size 40960 bytes.\n2026-04-16 23:09:00,750 [root] DEBUG: 4156: ProcessTrackedRegion: Dumped region at 
0x00007FFE4B250000.\n2026-04-16 23:09:00,750 [root] DEBUG: 4156: YaraScan: Scanning 0x00007FFE4B250000, size 0x98a6\n2026-04-16 23:09:00,750 [lib.api.process] INFO: Termination confirmed for <Process 4156 client.bin.exe>\n2026-04-16 23:09:00,750 [root] INFO: Terminate event set for process 4156\n2026-04-16 23:09:00,766 [root] INFO: Created shutdown mutex\n2026-04-16 23:09:00,750 [root] DEBUG: 4156: Terminate Event: monitor shutdown complete for process 4156\n2026-04-16 23:09:01,781 [root] INFO: Shutting down package\n2026-04-16 23:09:01,781 [root] INFO: Stopping auxiliary modules\n2026-04-16 23:09:01,781 [root] INFO: Stopping auxiliary module: Browser\n2026-04-16 23:09:01,781 [root] INFO: Stopping auxiliary module: Human\n2026-04-16 23:09:04,359 [root] INFO: Stopping auxiliary module: Screenshots\n2026-04-16 23:09:04,453 [root] INFO: Finishing auxiliary modules\n2026-04-16 23:09:04,453 [root] INFO: Shutting down pipe server and dumping dropped files\n2026-04-16 23:09:04,453 [lib.common.results] INFO: Uploading file C:\\Users\\cape\\AppData\\Roaming\\57C9F549-7B50-4C23-B307-58BAB726D1B6\\run.dat to files\\d4e5529ed64ebb991b5a32765ae1de0f5bfc5d583e404caa50b4679a73cdca4c; Size is 8; Max size: 100000000\n2026-04-16 23:09:04,469 [root] WARNING: Folder at path \"C:\\ZPIRIzm\\debugger\" does not exist, skipping\n2026-04-16 23:09:04,469 [root] INFO: Uploading files at path \"C:\\ZPIRIzm\\tlsdump\"\n2026-04-16 23:09:04,469 [lib.common.results] INFO: Uploading file C:\\ZPIRIzm\\tlsdump\\tlsdump.log to tlsdump\\tlsdump.log; Size is 22468; Max size: 100000000\n2026-04-16 23:09:04,469 [root] INFO: Analysis completed\n",
    "errors": []
  },
  "network": {
    "pcap_sha256": "b314dfe39414bac2b0ff7f3792396958d779bc252d5d3df8f86c42786792f2dc",
    "hosts": [
      {
        "ip": "20.93.72.182",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "46.149.110.67",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          80
        ]
      },
      {
        "ip": "72.154.7.108",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.100",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.105",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.102",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.98",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.101",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.107",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.109",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "20.165.94.54",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "173.194.73.94",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          80
        ]
      },
      {
        "ip": "13.107.6.156",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "84.47.178.41",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "150.171.27.11",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "84.47.178.49",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "40.126.53.14",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "52.123.242.97",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "20.42.65.93",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "4.207.247.139",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "84.47.178.56",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "20.189.173.2",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      }
    ],
    "domains": [
      {
        "domain": "dns.google",
        "ip": "8.8.4.4"
      }
    ],
    "tcp": [
      {
        "src": "192.168.1.100",
        "sport": 49723,
        "dst": "20.189.173.2",
        "dport": 443,
        "offset": 24,
        "time": 0.0
      },
      {
        "src": "192.168.1.100",
        "sport": 49724,
        "dst": "20.189.173.2",
        "dport": 443,
        "offset": 95,
        "time": 0.9217290878295898
      },
      {
        "src": "192.168.1.100",
        "sport": 49718,
        "dst": "84.47.178.56",
        "dport": 443,
        "offset": 236,
        "time": 4.827771186828613
      },
      {
        "src": "192.168.1.100",
        "sport": 49806,
        "dst": "4.207.247.139",
        "dport": 443,
        "offset": 752,
        "time": 5.2499611377716064
      },
      {
        "src": "192.168.1.100",
        "sport": 49784,
        "dst": "40.126.53.14",
        "dport": 443,
        "offset": 23179,
        "time": 6.589050054550171
      },
      {
        "src": "192.168.1.100",
        "sport": 49811,
        "dst": "13.107.253.44",
        "dport": 443,
        "offset": 29212,
        "time": 6.79459810256958
      },
      {
        "src": "192.168.1.100",
        "sport": 49813,
        "dst": "84.47.178.49",
        "dport": 443,
        "offset": 51502,
        "time": 6.945876121520996
      },
      {
        "src": "192.168.1.100",
        "sport": 49814,
        "dst": "199.232.214.172",
        "dport": 80,
        "offset": 75386,
        "time": 7.362181186676025
      },
      {
        "src": "192.168.1.100",
        "sport": 49817,
        "dst": "128.75.237.161",
        "dport": 443,
        "offset": 308849,
        "time": 8.08815312385559
      },
      {
        "src": "192.168.1.100",
        "sport": 49819,
        "dst": "20.42.65.93",
        "dport": 443,
        "offset": 338914,
        "time": 10.606962203979492
      },
      {
        "src": "2.23.90.148",
        "sport": 443,
        "dst": "192.168.1.100",
        "dport": 49942,
        "offset": 351511,
        "time": 21.771761178970337
      },
      {
        "src": "192.168.1.100",
        "sport": 49821,
        "dst": "4.207.247.139",
        "dport": 443,
        "offset": 352418,
        "time": 25.915982007980347
      },
      {
        "src": "192.168.1.100",
        "sport": 49728,
        "dst": "150.171.27.11",
        "dport": 443,
        "offset": 359878,
        "time": 30.513185024261475
      },
      {
        "src": "192.168.1.100",
        "sport": 49710,
        "dst": "84.47.178.41",
        "dport": 443,
        "offset": 360278,
        "time": 39.71528911590576
      },
      {
        "src": "192.168.1.100",
        "sport": 49716,
        "dst": "84.47.178.56",
        "dport": 443,
        "offset": 360419,
        "time": 39.793418169021606
      },
      {
        "src": "192.168.1.100",
        "sport": 49720,
        "dst": "8.8.4.4",
        "dport": 443,
        "offset": 360841,
        "time": 40.98094415664673
      },
      {
        "src": "192.168.1.100",
        "sport": 49708,
        "dst": "13.107.6.156",
        "dport": 443,
        "offset": 360982,
        "time": 41.0122811794281
      },
      {
        "src": "192.168.1.100",
        "sport": 49712,
        "dst": "84.47.178.41",
        "dport": 443,
        "offset": 361123,
        "time": 42.19976019859314
      },
      {
        "src": "192.168.1.100",
        "sport": 49822,
        "dst": "172.66.2.5",
        "dport": 80,
        "offset": 365920,
        "time": 47.75644516944885
      },
      {
        "src": "192.168.1.100",
        "sport": 49823,
        "dst": "40.126.53.15",
        "dport": 443,
        "offset": 373623,
        "time": 47.83834505081177
      },
      {
        "src": "192.168.1.100",
        "sport": 49825,
        "dst": "40.126.53.15",
        "dport": 443,
        "offset": 383472,
        "time": 47.88845205307007
      },
      {
        "src": "192.168.1.100",
        "sport": 49828,
        "dst": "40.126.53.15",
        "dport": 443,
        "offset": 423526,
        "time": 48.606131076812744
      },
      {
        "src": "192.168.1.100",
        "sport": 49831,
        "dst": "128.75.237.147",
        "dport": 80,
        "offset": 496294,
        "time": 48.80424404144287
      },
      {
        "src": "192.168.1.100",
        "sport": 49832,
        "dst": "150.171.27.11",
        "dport": 443,
        "offset": 527093,
        "time": 48.86231207847595
      },
      {
        "src": "192.168.1.100",
        "sport": 49833,
        "dst": "40.119.249.228",
        "dport": 443,
        "offset": 552699,
        "time": 49.05328321456909
      },
      {
        "src": "192.168.1.100",
        "sport": 49837,
        "dst": "74.178.240.61",
        "dport": 443,
        "offset": 678064,
        "time": 49.79363203048706
      },
      {
        "src": "192.168.1.100",
        "sport": 49839,
        "dst": "188.43.78.64",
        "dport": 80,
        "offset": 728637,
        "time": 50.434871196746826
      },
      {
        "src": "192.168.1.100",
        "sport": 49841,
        "dst": "40.119.249.228",
        "dport": 443,
        "offset": 1145819,
        "time": 51.42129611968994
      },
      {
        "src": "192.168.1.100",
        "sport": 49845,
        "dst": "40.126.53.15",
        "dport": 443,
        "offset": 1170771,
        "time": 52.34394812583923
      },
      {
        "src": "192.168.1.100",
        "sport": 49846,
        "dst": "40.119.249.228",
        "dport": 443,
        "offset": 1485682,
        "time": 52.71830701828003
      },
      {
        "src": "192.168.1.100",
        "sport": 49852,
        "dst": "4.210.40.181",
        "dport": 443,
        "offset": 1535660,
        "time": 54.69998502731323
      },
      {
        "src": "192.168.1.100",
        "sport": 49853,
        "dst": "40.119.249.228",
        "dport": 443,
        "offset": 1550038,
        "time": 54.88346219062805
      },
      {
        "src": "192.168.1.100",
        "sport": 49855,
        "dst": "40.126.53.15",
        "dport": 443,
        "offset": 1590740,
        "time": 55.591302156448364
      },
      {
        "src": "192.168.1.100",
        "sport": 49856,
        "dst": "4.207.247.139",
        "dport": 443,
        "offset": 1615444,
        "time": 55.89872598648071
      },
      {
        "src": "192.168.1.100",
        "sport": 49858,
        "dst": "52.167.17.97",
        "dport": 443,
        "offset": 1637864,
        "time": 56.702431201934814
      },
      {
        "src": "192.168.1.100",
        "sport": 49862,
        "dst": "52.167.17.97",
        "dport": 443,
        "offset": 1671309,
        "time": 57.967735052108765
      },
      {
        "src": "192.168.1.100",
        "sport": 49864,
        "dst": "52.167.17.97",
        "dport": 443,
        "offset": 2633867,
        "time": 59.510781049728394
      },
      {
        "src": "192.168.1.100",
        "sport": 49867,
        "dst": "23.46.118.69",
        "dport": 443,
        "offset": 2681671,
        "time": 64.67469716072083
      },
      {
        "src": "192.168.1.100",
        "sport": 49873,
        "dst": "13.71.55.58",
        "dport": 443,
        "offset": 2694892,
        "time": 68.66757011413574
      },
      {
        "src": "192.168.1.100",
        "sport": 49877,
        "dst": "204.79.197.203",
        "dport": 80,
        "offset": 2706391,
        "time": 69.42106318473816
      },
      {
        "src": "192.168.1.100",
        "sport": 49878,
        "dst": "128.75.237.184",
        "dport": 443,
        "offset": 2723600,
        "time": 69.70011901855469
      },
      {
        "src": "192.168.1.100",
        "sport": 49880,
        "dst": "4.207.247.139",
        "dport": 443,
        "offset": 2852537,
        "time": 71.837473154068
      },
      {
        "src": "4.207.247.139",
        "sport": 443,
        "dst": "192.168.1.100",
        "dport": 49831,
        "offset": 2862667,
        "time": 72.06223821640015
      },
      {
        "src": "192.168.1.100",
        "sport": 49882,
        "dst": "23.11.40.157",
        "dport": 80,
        "offset": 2870941,
        "time": 72.59133315086365
      },
      {
        "src": "192.168.1.100",
        "sport": 49884,
        "dst": "2.23.88.9",
        "dport": 443,
        "offset": 2889894,
        "time": 80.45216202735901
      },
      {
        "src": "192.168.1.100",
        "sport": 49886,
        "dst": "52.168.117.175",
        "dport": 443,
        "offset": 3612555,
        "time": 81.26446914672852
      },
      {
        "src": "192.168.1.100",
        "sport": 49889,
        "dst": "20.165.94.54",
        "dport": 443,
        "offset": 3630751,
        "time": 82.2378180027008
      },
      {
        "src": "192.168.1.100",
        "sport": 49893,
        "dst": "74.178.240.61",
        "dport": 443,
        "offset": 3641108,
        "time": 83.28226613998413
      },
      {
        "src": "192.168.1.100",
        "sport": 49897,
        "dst": "52.168.117.175",
        "dport": 443,
        "offset": 3943207,
        "time": 85.20143699645996
      },
      {
        "src": "192.168.1.100",
        "sport": 49902,
        "dst": "20.44.239.154",
        "dport": 443,
        "offset": 4083296,
        "time": 89.1343080997467
      },
      {
        "src": "192.168.1.100",
        "sport": 49906,
        "dst": "20.44.239.154",
        "dport": 443,
        "offset": 4105311,
        "time": 90.59069800376892
      },
      {
        "src": "192.168.1.100",
        "sport": 49911,
        "dst": "20.44.239.154",
        "dport": 443,
        "offset": 4125326,
        "time": 92.8220751285553
      },
      {
        "src": "192.168.1.100",
        "sport": 49914,
        "dst": "20.44.239.154",
        "dport": 443,
        "offset": 12222421,
        "time": 93.72157502174377
      },
      {
        "src": "192.168.1.100",
        "sport": 49921,
        "dst": "199.232.210.172",
        "dport": 80,
        "offset": 111941921,
        "time": 113.90291213989258
      },
      {
        "src": "192.168.1.100",
        "sport": 49942,
        "dst": "172.175.111.170",
        "dport": 443,
        "offset": 112247269,
        "time": 138.39702701568604
      },
      {
        "src": "192.168.1.100",
        "sport": 49946,
        "dst": "2.23.89.205",
        "dport": 443,
        "offset": 112466269,
        "time": 142.9203851222992
      },
      {
        "src": "192.168.1.100",
        "sport": 49949,
        "dst": "46.149.110.67",
        "dport": 80,
        "offset": 112489329,
        "time": 143.96185421943665
      },
      {
        "src": "192.168.1.100",
        "sport": 49950,
        "dst": "46.149.110.67",
        "dport": 80,
        "offset": 112492461,
        "time": 144.2835831642151
      },
      {
        "src": "192.168.1.100",
        "sport": 49951,
        "dst": "46.149.110.67",
        "dport": 80,
        "offset": 112510450,
        "time": 144.69980001449585
      },
      {
        "src": "192.168.1.100",
        "sport": 49953,
        "dst": "72.154.7.107",
        "dport": 443,
        "offset": 114318450,
        "time": 145.44593811035156
      },
      {
        "src": "192.168.1.100",
        "sport": 49955,
        "dst": "72.154.7.106",
        "dport": 443,
        "offset": 114319338,
        "time": 145.47164821624756
      },
      {
        "src": "192.168.1.100",
        "sport": 49957,
        "dst": "23.197.162.102",
        "dport": 80,
        "offset": 114343714,
        "time": 146.471027135849
      },
      {
        "src": "192.168.1.100",
        "sport": 49959,
        "dst": "52.168.117.175",
        "dport": 443,
        "offset": 114358669,
        "time": 146.64618706703186
      },
      {
        "src": "192.168.1.100",
        "sport": 49961,
        "dst": "2.23.90.38",
        "dport": 443,
        "offset": 114378212,
        "time": 146.96552419662476
      },
      {
        "src": "192.168.1.100",
        "sport": 49964,
        "dst": "52.123.245.107",
        "dport": 443,
        "offset": 114404787,
        "time": 151.26458716392517
      },
      {
        "src": "192.168.1.100",
        "sport": 49968,
        "dst": "40.126.53.15",
        "dport": 443,
        "offset": 114702812,
        "time": 170.12890005111694
      },
      {
        "src": "192.168.1.100",
        "sport": 49973,
        "dst": "150.171.109.51",
        "dport": 443,
        "offset": 115288322,
        "time": 190.4464111328125
      },
      {
        "src": "192.168.1.100",
        "sport": 49975,
        "dst": "52.123.129.14",
        "dport": 443,
        "offset": 115413574,
        "time": 191.10258316993713
      },
      {
        "src": "192.168.1.100",
        "sport": 49978,
        "dst": "23.11.40.157",
        "dport": 80,
        "offset": 115753501,
        "time": 193.47436904907227
      },
      {
        "src": "192.168.1.100",
        "sport": 49983,
        "dst": "104.208.16.90",
        "dport": 443,
        "offset": 116490599,
        "time": 210.418359041214
      },
      {
        "src": "23.46.118.69",
        "sport": 443,
        "dst": "192.168.1.100",
        "dport": 49875,
        "offset": 116502918,
        "time": 212.2171230316162
      },
      {
        "src": "2.23.88.9",
        "sport": 443,
        "dst": "192.168.1.100",
        "dport": 49886,
        "offset": 116516834,
        "time": 217.76851105690002
      },
      {
        "src": "192.168.1.100",
        "sport": 49989,
        "dst": "2.23.89.205",
        "dport": 443,
        "offset": 116556663,
        "time": 229.34236812591553
      },
      {
        "src": "192.168.1.100",
        "sport": 49991,
        "dst": "46.149.110.67",
        "dport": 80,
        "offset": 116579748,
        "time": 229.82319903373718
      },
      {
        "src": "192.168.1.100",
        "sport": 49993,
        "dst": "46.149.110.67",
        "dport": 80,
        "offset": 116591756,
        "time": 229.97609901428223
      },
      {
        "src": "192.168.1.100",
        "sport": 49995,
        "dst": "46.149.110.67",
        "dport": 80,
        "offset": 116810150,
        "time": 231.57892417907715
      },
      {
        "src": "2.23.89.205",
        "sport": 443,
        "dst": "192.168.1.100",
        "dport": 49931,
        "offset": 182853803,
        "time": 248.0601692199707
      },
      {
        "src": "2.23.90.38",
        "sport": 443,
        "dst": "192.168.1.100",
        "dport": 49950,
        "offset": 182854985,
        "time": 252.16892409324646
      },
      {
        "src": "2.23.90.38",
        "sport": 443,
        "dst": "192.168.1.100",
        "dport": 49952,
        "offset": 182855607,
        "time": 252.46439003944397
      },
      {
        "src": "192.168.1.100",
        "sport": 50003,
        "dst": "72.154.7.108",
        "dport": 443,
        "offset": 182861069,
        "time": 259.2985842227936
      },
      {
        "src": "192.168.1.100",
        "sport": 50006,
        "dst": "199.232.210.172",
        "dport": 80,
        "offset": 182871571,
        "time": 265.0896370410919
      }
    ],
    "udp": [
      {
        "src": "192.168.1.100",
        "sport": 50209,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 50373,
        "time": 6.906233072280884
      },
      {
        "src": "192.168.1.100",
        "sport": 59341,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 81925,
        "time": 7.879371166229248
      },
      {
        "src": "192.168.1.100",
        "sport": 55676,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 308324,
        "time": 8.05664610862732
      },
      {
        "src": "192.168.1.100",
        "sport": 138,
        "dst": "192.168.1.255",
        "dport": 138,
        "offset": 360019,
        "time": 31.668110132217407
      },
      {
        "src": "192.168.1.100",
        "sport": 64611,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 458412,
        "time": 48.67404818534851
      },
      {
        "src": "192.168.1.100",
        "sport": 53789,
        "dst": "8.8.4.4",
        "dport": 443,
        "offset": 497902,
        "time": 48.81664419174194
      },
      {
        "src": "192.168.1.100",
        "sport": 65147,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 528961,
        "time": 48.87830710411072
      },
      {
        "src": "192.168.1.100",
        "sport": 49200,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 728034,
        "time": 50.33086609840393
      },
      {
        "src": "192.168.1.100",
        "sport": 59637,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 1483864,
        "time": 52.593308210372925
      },
      {
        "src": "192.168.1.100",
        "sport": 59733,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 1627684,
        "time": 56.61523699760437
      },
      {
        "src": "192.168.1.100",
        "sport": 52834,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 2672163,
        "time": 60.51753211021423
      },
      {
        "src": "192.168.1.100",
        "sport": 57448,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 2694309,
        "time": 68.43976211547852
      },
      {
        "src": "192.168.1.100",
        "sport": 62369,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 2704786,
        "time": 69.34040021896362
      },
      {
        "src": "192.168.1.100",
        "sport": 53218,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 2722764,
        "time": 69.67167615890503
      },
      {
        "src": "192.168.1.100",
        "sport": 53471,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 2870296,
        "time": 72.50282907485962
      },
      {
        "src": "192.168.1.100",
        "sport": 50206,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 3611974,
        "time": 81.12856006622314
      },
      {
        "src": "192.168.1.100",
        "sport": 58981,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 3635345,
        "time": 82.93255305290222
      },
      {
        "src": "192.168.1.100",
        "sport": 52135,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 4131055,
        "time": 93.08290719985962
      },
      {
        "src": "192.168.1.100",
        "sport": 53109,
        "dst": "8.8.4.4",
        "dport": 443,
        "offset": 111946230,
        "time": 117.92531204223633
      },
      {
        "src": "192.168.1.100",
        "sport": 54063,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 112363712,
        "time": 140.5603380203247
      },
      {
        "src": "192.168.1.100",
        "sport": 61371,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 112465230,
        "time": 142.88662719726562
      },
      {
        "src": "192.168.1.100",
        "sport": 62312,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 112477034,
        "time": 143.6052451133728
      },
      {
        "src": "192.168.1.100",
        "sport": 54582,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 112491070,
        "time": 144.12093806266785
      },
      {
        "src": "192.168.1.100",
        "sport": 49325,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 114316633,
        "time": 145.24656319618225
      },
      {
        "src": "192.168.1.100",
        "sport": 54059,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 114334780,
        "time": 145.8700201511383
      },
      {
        "src": "192.168.1.100",
        "sport": 55373,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 114342958,
        "time": 146.4359040260315
      },
      {
        "src": "192.168.1.100",
        "sport": 56272,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 114346792,
        "time": 146.50912499427795
      },
      {
        "src": "192.168.1.100",
        "sport": 51211,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 114403089,
        "time": 151.22931599617004
      },
      {
        "src": "192.168.1.100",
        "sport": 60081,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 115425399,
        "time": 191.2020320892334
      },
      {
        "src": "192.168.1.100",
        "sport": 57251,
        "dst": "8.8.8.8",
        "dport": 443,
        "offset": 115428237,
        "time": 191.2245111465454
      },
      {
        "src": "192.168.1.100",
        "sport": 55526,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 115744052,
        "time": 193.05419301986694
      },
      {
        "src": "192.168.1.100",
        "sport": 58014,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 115752192,
        "time": 193.2886140346527
      },
      {
        "src": "192.168.1.100",
        "sport": 49253,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 116490015,
        "time": 210.23494601249695
      },
      {
        "src": "192.168.1.100",
        "sport": 50283,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 116555202,
        "time": 229.29470109939575
      },
      {
        "src": "192.168.1.100",
        "sport": 60566,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 116567388,
        "time": 229.61608910560608
      },
      {
        "src": "192.168.1.100",
        "sport": 64033,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 116584202,
        "time": 229.90004801750183
      },
      {
        "src": "192.168.1.100",
        "sport": 63445,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 116598083,
        "time": 230.0559241771698
      },
      {
        "src": "192.168.1.100",
        "sport": 62654,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 182860112,
        "time": 259.0936830043793
      },
      {
        "src": "192.168.1.100",
        "sport": 54344,
        "dst": "8.8.8.8",
        "dport": 443,
        "offset": 182874313,
        "time": 269.4557201862335
      }
    ],
    "icmp": [
      {
        "src": "192.168.1.100",
        "dst": "8.8.4.4",
        "type": 3,
        "data": ""
      },
      {
        "src": "192.168.1.100",
        "dst": "8.8.4.4",
        "type": 3,
        "data": ""
      },
      {
        "src": "192.168.1.100",
        "dst": "8.8.4.4",
        "type": 3,
        "data": ""
      },
      {
        "src": "192.168.1.100",
        "dst": "8.8.4.4",
        "type": 3,
        "data": ""
      }
    ],
    "http": [
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: p7V6/+mK70W9VSlGC8UmAA.0.2.3.1.1\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380823.397802
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: p7V6/+mK70W9VSlGC8UmAA.0.2.6.1.1.1\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380823.719531
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1048575\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: p7V6/+mK70W9VSlGC8UmAA.0.2.6.1.1.2\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380824.070221
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=1048576-1697335\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: p7V6/+mK70W9VSlGC8UmAA.0.2.6.1.1.3\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380824.135748
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.3.1.1\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380909.259147
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.1\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380909.412047
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=45088768-46137343\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.2\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380910.834813
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=32505856-33554431\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.3\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380911.014872
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=16777216-17825791\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.4\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380911.419055
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=37748736-38797311\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.5\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380911.775364
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=17825792-18874367\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.6\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380911.806492
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=23068672-24117247\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.7\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380912.062815
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=4194304-5242879\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.8\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380912.187892
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=57671680-58720255\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.9\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380912.281006
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=8388608-9437183\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.10\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380912.487843
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=55574528-56623103\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.11\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380912.513369
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=11534336-12582911\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.12\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380912.727596
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=13631488-14680063\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.13\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380912.742466
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=35651584-36700159\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.14\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380912.943627
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=59768832-60817407\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.15\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380913.034677
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=39845888-40894463\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.16\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380913.343957
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=52428800-53477375\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.17\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380914.004887
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=14680064-15728639\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.18\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380914.0371
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=24117248-25165823\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.19\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380914.344283
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=10485760-11534335\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.20\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380914.360581
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=58720256-59768831\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.21\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380914.620492
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=25165824-26214399\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.22\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380914.690218
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=9437184-10485759\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.23\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380914.894889
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=46137344-47185919\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.24\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380914.973849
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=42991616-44040191\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.25\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380915.175648
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=2097152-3145727\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.26\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380915.25489
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=30408704-31457279\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.27\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380915.472582
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=6291456-7340031\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.28\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380915.543298
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=33554432-34603007\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.29\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380915.736589
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=49283072-50331647\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.30\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380915.818546
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=28311552-29360127\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.31\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380916.019523
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=5242880-6291455\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.32\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380916.487383
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=27262976-28311551\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.33\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380916.77998
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=7340032-8388607\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.34\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380916.793369
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=60817408-61810271\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.35\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380917.064384
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=26214400-27262975\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.36\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380917.17157
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=20971520-22020095\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.37\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380917.320577
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=19922944-20971519\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.38\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380917.48162
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=3145728-4194303\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.39\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380917.882801
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=48234496-49283071\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.40\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380918.269217
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=56623104-57671679\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.41\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380918.661016
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=22020096-23068671\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.42\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380919.051038
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=41943040-42991615\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.43\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380919.441017
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=0-1048575\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.44\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380919.831826
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=31457280-32505855\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.45\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380920.223872
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=12582912-13631487\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.46\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380920.612732
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=18874368-19922943\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.47\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380921.091068
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=44040192-45088767\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.48\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380921.48816
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=38797312-39845887\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.49\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380922.03458
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=54525952-55574527\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.50\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380922.831285
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=36700160-37748735\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.51\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380923.237987
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=53477376-54525951\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.52\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380923.628319
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=15728640-16777215\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.53\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380924.018768
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=47185920-48234495\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.54\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380924.424844
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=51380224-52428799\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.55\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380924.815145
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=50331648-51380223\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.56\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380925.205572
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=40894464-41943039\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.57\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380925.591242
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=1048576-2097151\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.58\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380925.98949
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=29360128-30408703\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.59\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380926.377453
      },
      {
        "count": 1,
        "host": "46.149.110.67",
        "port": 80,
        "data": "GET /filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nRange: bytes=34603008-35651583\r\nUser-Agent: Microsoft-Delivery-Optimization/10.0\r\nMS-CV: dJC7DGEhM0+mfZ8AvoUIAg.0.2.7.1.1.60\r\nContent-Length: 0\r\nHost: 46.149.110.67\r\n\r\n",
        "uri": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "body": "",
        "path": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "user-agent": "Microsoft-Delivery-Optimization/10.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1776380926.767389
      }
    ],
    "dns": [
      {
        "request": "dns.google",
        "type": "A",
        "answers": [
          {
            "type": "A",
            "data": "8.8.8.8"
          },
          {
            "type": "A",
            "data": "8.8.4.4"
          }
        ],
        "first_seen": 1776380728.110299
      }
    ],
    "smtp": [],
    "irc": [],
    "dead_hosts": [
      [
        "52.123.242.97",
        443
      ],
      [
        "72.154.7.109",
        443
      ],
      [
        "72.154.7.98",
        443
      ],
      [
        "72.154.7.101",
        443
      ],
      [
        "72.154.7.102",
        443
      ],
      [
        "72.154.7.105",
        443
      ],
      [
        "72.154.7.100",
        443
      ]
    ]
  },
  "suricata": {
    "alerts": [],
    "tls": [
      {
        "srcport": 49829,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "8.8.4.4",
        "timestamp": "2026-04-16 23:05:28.166981+0000",
        "version": "TLS 1.3",
        "sni": "dns.google",
        "ja3": {
          "hash": "6c6477a8b8b66939c3a643e4be7fdcc0",
          "string": "771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,43-18-23-16-35-5-65037-51-13-10-45-17613-65281-27-11-0,4588-29-23-24,0"
        },
        "ja3s": {
          "hash": "eb1d94daa7e0344597e756a1fb6e7054",
          "string": "771,4865,51-43"
        }
      }
    ],
    "perf": [],
    "files": [],
    "http": [
      {
        "srcport": 49949,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:07:03.494055+0000",
        "uri": "/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com",
        "length": 246,
        "hostname": "46.149.110.67",
        "status": 200,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49950,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:07:03.806361+0000",
        "uri": "/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49951,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:07:04.618887+0000",
        "uri": "/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 648760,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49950,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:07:04.634647+0000",
        "uri": "/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49991,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:29.301533+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com",
        "length": 2926,
        "hostname": "46.149.110.67",
        "status": 200,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:29.502814+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 2,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:31.362144+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:31.534043+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:31.709181+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:32.062815+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:32.171539+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:32.264836+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:32.469551+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:32.513369+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:32.727596+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:32.742466+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:32.927733+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:33.018246+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:33.295359+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:33.361963+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:33.651641+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:34.344283+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:34.360581+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:34.620492+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:34.677853+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:34.894889+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:34.962996+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:35.175648+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:35.254890+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:35.472582+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:35.533953+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:35.723212+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:35.806517+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:36.019523+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:36.079891+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:36.315310+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:36.780287+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:37.064384+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:37.160593+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:37.310155+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 992864,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:37.481620+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:37.557075+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:37.830145+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:38.150536+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:38.597102+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:38.935770+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:39.424145+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:39.767941+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:40.158369+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:40.495002+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:40.986168+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:41.362175+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:41.814678+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:42.361371+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:43.236679+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:43.595514+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:43.908648+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:44.283518+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:44.767188+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:45.079669+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:45.562191+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:45.891979+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:46.392008+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49995,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:46.688729+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      },
      {
        "srcport": 49993,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "46.149.110.67",
        "timestamp": "2026-04-16 23:08:47.141857+0000",
        "uri": "/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com",
        "length": 1048576,
        "hostname": "46.149.110.67",
        "status": 206,
        "http_method": "GET",
        "contenttype": "application/octet-stream",
        "ua": "Microsoft-Delivery-Optimization/10.0",
        "referrer": null
      }
    ],
    "dns": [
      {
        "timestamp": "2026-04-16T23:05:28.110299+0000",
        "flow_id": 192258835568282,
        "pcap_cnt": 702,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 61376,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 45301,
          "rrname": "dns.google",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-16T23:05:28.127948+0000",
        "flow_id": 192258835568282,
        "pcap_cnt": 729,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 61376,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 45301,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "dns.google",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "dns.google",
              "rrtype": "A",
              "ttl": 307,
              "rdata": "8.8.4.4"
            },
            {
              "rrname": "dns.google",
              "rrtype": "A",
              "ttl": 307,
              "rdata": "8.8.8.8"
            }
          ],
          "grouped": {
            "A": [
              "8.8.4.4",
              "8.8.8.8"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-16T23:05:28.109996+0000",
        "flow_id": 190956715760681,
        "pcap_cnt": 701,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 64611,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 10042,
          "rrname": "dns.google",
          "rrtype": "HTTPS",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-16T23:05:28.127624+0000",
        "flow_id": 190956715760681,
        "pcap_cnt": 728,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 64611,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 10042,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "dns.google",
          "rrtype": "HTTPS",
          "rcode": "NOERROR",
          "authorities": [
            {
              "rrname": "dns.google",
              "rrtype": "SOA",
              "ttl": 95,
              "soa": {
                "mname": "ns1.zdns.google",
                "rname": "cloud-dns-hostmaster.google.com",
                "serial": 1,
                "refresh": 21600,
                "retry": 3600,
                "expire": 259200,
                "minimum": 300
              }
            }
          ]
        }
      },
      {
        "timestamp": "2026-04-16T23:07:50.638220+0000",
        "flow_id": 1896710460216674,
        "pcap_cnt": 112670,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 60589,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 20216,
          "rrname": "dns.google",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-16T23:07:50.658611+0000",
        "flow_id": 1896710460216674,
        "pcap_cnt": 112676,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 60589,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 20216,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "dns.google",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "dns.google",
              "rrtype": "A",
              "ttl": 165,
              "rdata": "8.8.8.8"
            },
            {
              "rrname": "dns.google",
              "rrtype": "A",
              "ttl": 165,
              "rdata": "8.8.4.4"
            }
          ],
          "grouped": {
            "A": [
              "8.8.8.8",
              "8.8.4.4"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-16T23:07:50.637980+0000",
        "flow_id": 1895680730236292,
        "pcap_cnt": 112669,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 60081,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 49351,
          "rrname": "dns.google",
          "rrtype": "HTTPS",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-16T23:07:50.655149+0000",
        "flow_id": 1895680730236292,
        "pcap_cnt": 112674,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 60081,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 49351,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "dns.google",
          "rrtype": "HTTPS",
          "rcode": "NOERROR",
          "authorities": [
            {
              "rrname": "dns.google",
              "rrtype": "SOA",
              "ttl": 170,
              "soa": {
                "mname": "ns1.zdns.google",
                "rname": "cloud-dns-hostmaster.google.com",
                "serial": 1,
                "refresh": 21600,
                "retry": 3600,
                "expire": 259200,
                "minimum": 300
              }
            }
          ]
        }
      }
    ],
    "ssh": [],
    "fileinfo": [],
    "eve_log_full_path": "/opt/CAPEv2/storage/analyses/44/logs/eve.json",
    "alert_log_full_path": null,
    "tls_log_full_path": null,
    "http_log_full_path": null,
    "file_log_full_path": null,
    "ssh_log_full_path": null,
    "dns_log_full_path": null
  },
  "url_analysis": {},
  "procmemory": [],
  "signatures": [
    {
      "name": "antivm_checks_available_memory",
      "description": "Checks available memory",
      "categories": [
        "antivm"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4156,
          "cid": 455
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_computer_name",
      "description": "Queries computer hostname",
      "categories": [
        "system_discovery"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4156,
          "cid": 2387
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "dead_connect",
      "description": "Attempts to connect to a dead IP:Port (1 unique times)",
      "categories": [
        "network"
      ],
      "severity": 1,
      "weight": 0,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4156,
          "cid": 2622
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2798
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2835
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2880
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2928
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2975
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3018
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3064
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3103
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3143
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3189
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3227
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3269
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3314
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3354
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3394
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3440
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3479
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3521
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3564
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3603
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3645
        },
        {
          "IP": "127.0.0.1:9033"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_locale_api",
      "description": "Queries the computer locale (possible geofencing)",
      "categories": [
        "location_discovery",
        "geofence"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4156,
          "cid": 945
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 1007
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 1009
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "antidebug_setunhandledexceptionfilter",
      "description": "SetUnhandledExceptionFilter detected (possible anti-debug)",
      "categories": [
        "anti-debug"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 40,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4156,
          "cid": 348
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "antisandbox_sleep",
      "description": "A process attempted to delay the analysis task.",
      "categories": [
        "anti-sandbox"
      ],
      "severity": 2,
      "weight": 4,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4156,
          "cid": 1513
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 1823
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2591
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2594
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2602
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2613
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2615
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2617
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2618
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2624
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2626
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2627
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2628
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2629
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2631
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2632
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2634
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2635
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2637
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2650
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2662
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2678
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2741
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2763
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2778
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2780
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2782
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2784
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2786
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2788
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2790
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2792
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2799
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2801
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2802
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2804
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2805
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2807
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2808
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2810
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2811
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2813
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2815
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2817
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2819
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2821
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2823
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2825
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2827
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2829
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2836
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2838
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2839
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2841
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2842
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2844
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2845
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2847
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2848
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2850
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2852
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2854
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2856
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2858
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2868
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2870
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2872
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2874
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2881
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2883
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2884
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2886
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2887
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2889
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2890
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2891
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2892
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2894
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2895
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2906
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2908
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2910
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2912
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2914
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2916
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2918
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2920
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2922
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2929
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2931
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2932
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2934
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2935
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2937
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2938
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2939
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2944
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2950
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2952
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2955
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2957
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2959
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2961
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2963
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2965
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2967
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2969
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2976
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2978
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2979
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2981
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2982
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2984
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2985
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2987
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2988
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2990
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2992
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2994
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2996
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 2998
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3000
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3002
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3009
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3011
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3019
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3021
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3022
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3024
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3025
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3027
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3028
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3030
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3031
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3041
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3043
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3045
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3047
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3048
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3050
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3052
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3054
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3056
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3058
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3065
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3067
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3068
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3070
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3071
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3072
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3074
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3075
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3077
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3078
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3081
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3083
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3085
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3087
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3089
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3091
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3093
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3095
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3097
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3104
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3106
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3107
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3109
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3110
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3112
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3113
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3115
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3116
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3118
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3120
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3122
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3124
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3126
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3128
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3135
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3137
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3144
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3146
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3147
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3149
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3150
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3152
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3153
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3155
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3156
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3166
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3168
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3170
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3172
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3174
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3176
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3178
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3180
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3181
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3183
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3190
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3192
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3193
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3195
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3196
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3198
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3199
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3201
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3202
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3205
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3207
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3209
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3211
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3213
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3215
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3217
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3219
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3221
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3228
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3230
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3231
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3233
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3234
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3236
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3237
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3239
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3240
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3242
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3244
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3246
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3248
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3250
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3252
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3254
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3261
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3263
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3270
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3272
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3273
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3275
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3276
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3278
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3279
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3281
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3282
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3292
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3294
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3296
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3298
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3300
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3302
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3304
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3306
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3308
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3315
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3317
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3318
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3319
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3320
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3322
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3323
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3325
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3326
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3328
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3329
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3332
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3334
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3336
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3338
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3340
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3342
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3344
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3346
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3348
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3355
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3357
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3358
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3360
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3361
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3363
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3364
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3366
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3368
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3370
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3372
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3374
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3376
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3378
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3385
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3387
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3395
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3397
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3398
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3400
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3401
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3403
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3404
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3405
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3407
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3408
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3418
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3420
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3422
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3424
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3426
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3428
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3430
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3432
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3434
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3441
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3443
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3444
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3446
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3447
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3449
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3450
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3452
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3453
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3456
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3458
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3459
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3461
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3463
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3465
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3467
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3469
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3471
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3473
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3480
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3482
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3483
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3485
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3486
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3488
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3489
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3491
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3492
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3494
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3496
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3498
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3500
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3502
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3504
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3511
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3513
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3515
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3522
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3524
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3525
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3527
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3528
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3530
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3531
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3533
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3534
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3544
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3546
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3548
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3550
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3552
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3554
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3556
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3558
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3565
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3567
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3568
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3570
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3571
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3573
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3574
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3576
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3577
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3580
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3582
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3584
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3586
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3588
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3590
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3591
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3593
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3595
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3597
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3604
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3606
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3607
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3609
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3610
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3612
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3613
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3615
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3616
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3618
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3620
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3622
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3624
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3626
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3628
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3630
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3637
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3639
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3646
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3648
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3649
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3651
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3652
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3654
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3655
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3657
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3658
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3668
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3670
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3679
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3681
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3683
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 3685
        },
        {
          "note": "client.bin.exe tried to sleep 400.46 seconds, actually delayed analysis time by 0.0 seconds"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "network_cnc_http",
      "description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
      "categories": [
        "network",
        "c2"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 30,
      "references": [],
      "data": [
        {
          "ip_hostname": "HTTP connection was made to an IP address rather than domain name"
        },
        {
          "suspicious_request": "http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com"
        },
        {
          "suspicious_request": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "network_http",
      "description": "Performs some HTTP requests",
      "categories": [
        "network"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 30,
      "references": [],
      "data": [
        {
          "url": "http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "injection_rwx",
      "description": "Creates RWX memory",
      "categories": [
        "injection"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 50,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4156,
          "cid": 207
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "binary_yara",
      "description": "Binary file triggered multiple YARA rules",
      "categories": [
        "static"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 80,
      "references": [],
      "data": [
        {
          "Binary triggered YARA rule": "DITEKSHEN_MALWARE_Win_Nanocore"
        },
        {
          "Binary triggered YARA rule": "Windows_Trojan_Nanocore_d8c4e3c5"
        },
        {
          "Binary triggered YARA rule": "Nanocore"
        },
        {
          "Binary triggered YARA rule": "Nanocore_RAT_Gen_2"
        },
        {
          "Binary triggered YARA rule": "NanoCore"
        },
        {
          "Binary triggered YARA rule": "NETexecutableMicrosoft"
        },
        {
          "Binary triggered YARA rule": "IsPE32"
        },
        {
          "Binary triggered YARA rule": "IsNET_EXE"
        },
        {
          "Binary triggered YARA rule": "IsWindowsGUI"
        },
        {
          "Binary triggered YARA rule": "Microsoft_Visual_Studio_NET"
        },
        {
          "Binary triggered YARA rule": "Microsoft_Visual_C_v70_Basic_NET_additional"
        },
        {
          "Binary triggered YARA rule": "Microsoft_Visual_C_Basic_NET"
        },
        {
          "Binary triggered YARA rule": "Microsoft_Visual_Studio_NET_additional"
        },
        {
          "Binary triggered YARA rule": "Microsoft_Visual_C_v70_Basic_NET"
        },
        {
          "Binary triggered YARA rule": "NET_executable_"
        },
        {
          "Binary triggered YARA rule": "NET_executable"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "network_questionable_http_path",
      "description": "Makes a suspicious HTTP request to a commonly exploitable directory with questionable file ext",
      "categories": [
        "network"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "url": "http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        },
        {
          "url": "http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "procmem_yara",
      "description": "Yara detections observed in process dumps, payloads or dropped files",
      "categories": [
        "malware"
      ],
      "severity": 3,
      "weight": 4,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "Hit": "PID 4156 triggered the Yara rule 'IsPE64' with data '[]'"
        },
        {
          "Hit": "PID 4156 triggered the Yara rule 'IsWindowsGUI' with data '[]'"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "recon_fingerprint",
      "description": "Collects information to fingerprint the system",
      "categories": [
        "discovery"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 75,
      "references": [],
      "data": [
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "removes_zoneid_ads",
      "description": "Attempts to remove evidence of file being downloaded from the Internet",
      "categories": [
        "generic"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\client.bin.exe:Zone.Identifier"
        },
        {
          "type": "call",
          "pid": 4156,
          "cid": 1488
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    }
  ],
  "malscore": 10.0,
  "ttps": [
    {
      "signature": "antisandbox_sleep",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OB0001",
        "B0007",
        "B0007.008"
      ]
    },
    {
      "signature": "antivm_checks_available_memory",
      "ttps": [
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "dead_connect",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "binary_yara",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "network_cnc_http",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OB0004",
        "B0033",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "network_http",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "network_questionable_http_path",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "procmem_yara",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "recon_fingerprint",
      "ttps": [
        "T1012",
        "T1082"
      ],
      "mbcs": [
        "OB0007",
        "E1082",
        "OC0008",
        "C0036"
      ]
    }
  ],
  "malstatus": "Malicious"
}